Webhook lab
**Webhooks push** completion events — verify signatures before your worker acts.
Reviewed July 2026 · interactive lab
1Try it yourself
Playground
Webhook lab
Webhooks push events — polling pulls. Verify signatures before acting.
Nightly index job finished
2Read & reflect
Recap
#What you just did
You chose webhook vs poll vs reject for batch completion and bad signatures.
Teach
#Pattern
# Verify HMAC signature header before parsing body
payload = request.get_data()
sig = request.headers.get("X-Signature")
if not verify(sig, payload, WEBHOOK_SECRET):
return ("invalid", 401)
event = json.loads(payload)
Use it
#When you'd use this
- Batch embed/index completion
- Payment or provisioning callbacks (with idempotency keys)
Watch out
#Watch out
Never process webhooks without signature verification and idempotency.
Try next
#Try this next
List three fields you would log for every webhook (event id, type, latency).
3Spark check