WebhookEvent

The JSON body POSTed to your endpoint when a task reaches a terminal state.

Verifying signatures. Every delivery carries an X-LayerIQ-Signature header of the form t=<unix_seconds>,v1=<hex>. Recompute the HMAC and compare: 

signed   = `${t}.${rawRequestBody}`
expected = HMAC_SHA256(signingSecret, signed)   # hex
verify   = timingSafeEqual(expected, v1)

Use the raw request body bytes (do not re-serialize the JSON), and reject deliveries whose t is outside an acceptable clock-skew window (e.g. 5 minutes) to prevent replay. The X-LayerIQ-Event header echoes type.

Idempotency. Dedupe on the envelope id. Return a 2xx quickly; we retry non-2xx responses with exponential backoff (5 attempts) and otherwise mark the delivery failed.

  • createdAt
    Type: stringFormat: date-time
    required

    the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z

  • data
    Type: object
    required
    • counts
      Type: object ยท TaskCounts
      required
    • mode
      Type: stringenum
      required
      values
      • INGEST
      • NORMALIZE
      • UPDATE
      • DELETE
    • status
      Type: stringenum
      required
      values
      • COMPLETE
      • FAILED
    • taskId
      Type: string
      required

      The AssetIngestRun id - poll taskUrl for full detail.

    • taskUrl
      Type: string
      required

      Relative task status URL.

    • error
      Type: string | null
  • id
    Type: string
    required

    Delivery id; use it to dedupe.

  • type
    Type: stringenum
    required
    values
    • asset.ingest.completed
    • asset.ingest.failed
    • asset.normalize.completed
    • asset.normalize.failed
    • asset.bulk_update.completed
    • asset.bulk_update.failed
    • asset.bulk_delete.completed
    • asset.bulk_delete.failed