General
Start typing to search…

Webhooks

πŸ” Webhook Signature Verification

Pixop signs all outgoing webhook requests to allow you to verify their authenticity and integrity.

Each request includes the following HTTP headers:

  • X-Pixop-Signature: A base64-encoded signature of the timestamp and request body.
  • X-Pixop-Public-Key-Id: The UUID of the public key used to verify the signature.
  • X-Pixop-Timestamp: A Unix timestamp (in seconds) indicating when the request was signed.
  • X-Pixop-Algorithm: The signing algorithm. Currently, SHA256withECDSA.

Signature format:

<timestamp>.<payloadJson>

  • <timestamp> is taken from X-Pixop-Timestamp
  • <payloadJson> is the raw request body as sent by Pixop

This string is signed using ECDSA (SHA256withECDSA), and the result is base64-encoded.

βœ… Verifying the Signature

  1. Concatenate the timestamp and request body:

    timestamp + "." + rawRequestBody

  2. Retrieve the public key using the X-Pixop-Public-Key-Id:

    GET /v1/webhooks/public-keys/{id}

  3. Verify the signature using the specified algorithm and public key.

  4. Reject requests with timestamps older than an acceptable threshold (e.g., 5 minutes) to mitigate replay attacks.

⏱ Webhook requests have a 10-second timeout. Respond promptly and handle long-running logic asynchronously to avoid delivery failures.

Although public key retrieval is typically fast, it's strongly recommended to cache it to reduce latency and improve performance.

πŸ” Key Rotation

Pixop rotates webhook signing keys regularly. During rotation, two keys may be valid for a short grace period. Always verify the signature using the public key referenced by X-Pixop-Public-Key-Id.

πŸ’» Code Example

A public Spring Boot example project will be available to demonstrate webhook signature verification.

πŸ“¦ Webhook Retry Behavior

Pixop automatically retries failed webhook deliveries using an exponential backoff strategy. Retry behavior can be customized per webhook.

A delivery is considered failed if:

  • The response status code is not 2xx
  • The request times out or encounters a network error
  • The WebhookRateLimitPerSecond threshold is exceeded and no permit is acquired within 5 seconds

If a 429 Too Many Requests response includes a Retry-After header (or similar), Pixop honors it when scheduling the next retry attempt.

Retries continue until the maximum retry duration (maxTotalRetryDelayMinutes) is reached.

Detailed delivery history β€” including status codes, response bodies, retry timing, and headers β€” is available via the GET /v1/webhooks/events endpoint.

πŸ“… Webhook event history is retained for 10 days, or 1 day for test events.

⏳ Event Ordering and Context

Webhook events are dispatched asynchronously and independently. While Pixop makes a best-effort attempt to deliver events in the order they occur, delivery order is not guaranteed.

For instance, a video_processing.done event may arrive before the corresponding video_processing.started event for the same videoId.

To correctly handle events:

  • Treat each event as self-contained
  • Use the occurredAt date and time to determine the actual sequence of events
  • Design webhook receivers to be idempotent and resilient to out-of-order delivery

For additional context about a given event, query the related video resource using:
GET /v1/videos/{videoId}