Chapter D · 4 of 4~10 min

Webhook lab

**Webhooks push** completion events — verify signatures before your worker acts.

Reviewed July 2026 · interactive lab

Paths & resources for this lesson

1Try it yourself

Playground

Webhook lab

Webhooks push events — polling pulls. Verify signatures before acting.

Nightly index job finished

2Read & reflect

Recap

#What you just did

You chose webhook vs poll vs reject for batch completion and bad signatures.

Teach

#Pattern

# Verify HMAC signature header before parsing body
payload = request.get_data()
sig = request.headers.get("X-Signature")
if not verify(sig, payload, WEBHOOK_SECRET):
    return ("invalid", 401)
event = json.loads(payload)

Use it

#When you'd use this

  • Batch embed/index completion
  • Payment or provisioning callbacks (with idempotency keys)

Watch out

#Watch out

Never process webhooks without signature verification and idempotency.

Try next

#Try this next

List three fields you would log for every webhook (event id, type, latency).

3Spark check

Continue learning · glossary & guides