Webhooks
Subscribe to events, verify signatures and handle retries.
Subscribing to events
Webhooks are configured per product in the Admin Console (Settings → Webhooks) or via the API. You register an HTTPS endpoint and choose event types; Aiinak POSTs a JSON payload for each event.
| Product | Example events |
|---|---|
| AiMail | message.received, message.sent, booking.created |
| Smart Drive | file.uploaded, file.shared, ocr.completed |
| AI Meeting | meeting.started, meeting.ended, summary.ready |
| AI Recruit | candidate.applied, interview.completed, scorecard.submitted |
| Enterprise AI | invoice.created, workflow.completed, insight.generated |
Verifying signatures
Every delivery includes an X-Aiinak-Signature header: an HMAC-SHA256 of the raw body using your endpoint's signing secret. Reject any payload whose signature does not match.
import crypto from "node:crypto";
function verify(req, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(req.rawBody)
.digest("hex");
const given = req.get("X-Aiinak-Signature") ?? "";
return crypto.timingSafeEqual(
Buffer.from(expected),
Buffer.from(given)
);
}Delivery and retries
At-least-once delivery
Use the event id for idempotency — the same event may be delivered more than once.
Exponential backoff
Non-2xx responses are retried for up to 24 hours with increasing delays.
Automatic disable
Endpoints failing for 3 consecutive days are disabled and admins are notified.
Respond 200 immediately and process asynchronously — deliveries that take longer than 10 seconds count as failures.