Webhooks
Subscribe to workspace events and deliver signed JSON payloads to your HTTPS endpoints.
Register a subscription
POST https://api.gospace.ai/v1/webhooks/webhooks
Authorization: Bearer <access_token>
Content-Type: application/json
# Alternatively, use an API key:
# x-api-key: <workspace_api_key>
{
"endpoint": "https://example.com/gospace/webhooks",
"secret": "whsec_123",
"events": ["FORECASTING_FINISHED", "RECOMMENDATION_CREATED"]
}
Delivery
- Events are delivered via HTTPS
POST. - Each delivery includes an event type and a unique request ID.
- If you set a
secret, requests are signed so you can verify authenticity.
Verify signatures
- Compute the signature as
hex(hmac_sha256(raw_body, secret)). - Compare the signature using a constant-time check.
- Rotate the secret if repeated failures occur or when rotating credentials elsewhere.
Manage webhooks
GET /v1/webhooks/webhooks
POST /v1/webhooks/webhooks
PATCH /v1/webhooks/webhooks/{webhook_id}
DELETE /v1/webhooks/webhooks/{webhook_id}
Sample payload
{
"event": "FORECASTING_FINISHED",
"workspace_id": "wrk_456",
"request_id": "req_01J0X0M7KNG7KQZ4XQY4J6V6P4",
"payload": {
"id": "job_01HZN4X2VWXK9K6FZC7YQTS9M1",
"status": "finished"
}
}
Verify signatures before processing events. If you receive repeated failures, rotate the webhook secret or disable the webhook in the Platform.