Webhooks

Receive real-time notifications about events in your Fortifiers account.

Overview

Webhooks allow you to receive HTTP POST requests to your server whenever specific events occur in Fortifiers. This is useful for integrating with your existing systems, triggering downstream workflows, or updating your own database.

Setting Up Webhooks

Navigate to Settings → Webhooks
Click "Add Webhook Endpoint"
Enter your webhook URL (must be HTTPS)
Select events to subscribe to
Save and copy the signing secret

Supported Events

document.processing_started

Document upload begins processing

document.processing_completed

Processing finishes successfully

document.processing_failed

Processing encounters an error

quote.generated

Quote is successfully generated

workflow.stage_approved

Workflow stage is approved

workflow.stage_rejected

Workflow stage is rejected

Webhook Payload

Standard structure for all webhook events.

{
  "id": "evt_1234567890",
  "type": "document.processing_completed",
  "created": 1701124800,
  "data": {
    "object": {
      "id": "doc_1234567890",
      "status": "completed",
      "extracted_data": { ... }
    }
  }
}

Verifying Signatures

Verify the X-Fortifiers-Signature header to ensure authenticity.

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

Best Practices

Respond with 200 OK quickly (within 5s)
Process events asynchronously
Handle duplicate events (idempotency)

Retry Policy

We retry failed deliveries (non-2xx response or timeout) with exponential backoff:

• Immediately
• After 5 minutes
• After 1 hour
• After 6 hours
• After 24 hours

Endpoints are disabled after 5 consecutive failures.