Skip to main content

Webhooks

Webhooks allow you to receive real-time HTTP notifications when events occur in your Pictify account. Use them to trigger workflows, update databases, or integrate with third-party services.

Supported Events

Creating a Webhook

Dashboard

  1. Go to Settings > Webhooks
  2. Click Create Webhook
  3. Select the event type
  4. Enter your endpoint URL
  5. Save and copy the signing secret

API

Response includes the signing secret (only shown once):

Webhook Payload

All webhooks include these headers:

render.completed

render.failed

Signature Verification

Always verify webhook signatures to ensure requests are from Pictify and haven’t been tampered with.
The signature header format is:
Where:
  • t = Unix timestamp when the webhook was sent
  • v1 = HMAC-SHA256 signature of {timestamp}.{payload}

Verification Steps

  1. Extract timestamp and signature from header
  2. Reject if timestamp is older than 5 minutes (replay protection)
  3. Compute expected signature: HMAC-SHA256(secret, "{timestamp}.{payload}")
  4. Compare signatures using constant-time comparison

Code Examples

Managing Webhooks

List Webhooks

Pause / Resume a Webhook

Pause and resume are currently available via the dashboard only. API support is coming soon.

Delete a Webhook

Filters

Filter webhooks to receive only specific events:

Delivery & Retries

  • Webhooks are delivered within seconds of events
  • Failed deliveries retry with exponential backoff: 1min, 5min, 30min, 2hr, 24hr
  • After 5 failed attempts, the webhook is paused
  • Check delivery status in the dashboard or via API

Best Practices

  1. Always verify signatures - Protect against spoofed requests
  2. Respond quickly - Return 2xx within 30 seconds, process async
  3. Handle duplicates - Use delivery ID for idempotency
  4. Monitor failures - Set up alerts for webhook delivery issues
  5. Use HTTPS - Never use HTTP endpoints in production