Developer documentation
Webhook signing headers, replay protection, event types, and retry policy.
BLERBZ webhook deliveries should include BLERBZ-Signature, BLERBZ-Timestamp, and BLERBZ-Event-Id. Consumers should compute an HMAC over the timestamp and raw body with the signing secret, compare signatures in constant time, and reject stale timestamps.
Store BLERBZ-Event-Id values for the replay window and reject duplicates. Use a timestamp tolerance, commonly five minutes, unless the integration has a stricter security requirement.
Recommended event types include job.queued, job.running, job.succeeded, job.failed, job.canceled, stream.generated, analysis.completed, and usage.threshold_reached. Test events should be clearly labeled as webhook.test.
Webhook consumers should return a 2xx status only after durable receipt. BLERBZ can retry transient failures with backoff where webhook delivery is enabled. Delivery logs should include event id, status, attempt count, and next retry time.