Skip to content
AXIFI.

Webhooks

Receive real-time notifications about events in your application

What are Webhooks?
Event-driven notifications from the AXIFI API

Webhooks allow you to subscribe to important events in the AXIFI platform. Instead of polling the API, we'll send you real-time notifications when events occur.

Real-Time

Get notified instantly when events occur

Reliable

Guaranteed delivery with automatic retries

Secure

Signed payloads for verification

Setting Up Webhooks
How to register webhook endpoints

1. Create an Endpoint

Create an HTTPS endpoint that can receive POST requests from our servers.

POST /webhooks/axifi
Content-Type: application/json
X-Webhook-Signature: sha256=xxx...

{
  "event": "compound.created",
  "timestamp": "2024-01-15T10:30:45Z",
  "data": { ... }
}

2. Register in Dashboard

Go to your developer dashboard and configure webhook endpoints for each event type.

Dashboard → Webhooks → Add Endpoint → Select Events → Save

3. Verify Signatures

Always verify webhook signatures to ensure requests are from AXIFI.

Event Types
Available webhook events and their payloads
compound.created

Triggered when a new compound is added to the database

Payload
{
  "event": "compound.created",
  "timestamp": "2024-01-15T10:30:45Z",
  "data": {
    "id": "compound-123",
    "name": "Aspirin",
    "category": "analgesic",
    "efficacy": 0.92
  }
}
Verifying Signatures
Ensure webhook authenticity

Each webhook includes an X-Webhook-Signature header containing an HMAC-SHA256 signature of the payload. Verify this signature before processing the webhook.

Verification Example (Node.js)
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

// In your webhook handler
app.post('/webhooks/axifi', (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const payload = JSON.stringify(req.body);
  
  if (!verifyWebhookSignature(payload, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  
  // Process webhook...
  res.json({ ok: true });
});
Verification Example (Python)
import hmac
import hashlib

def verify_webhook_signature(payload, signature, secret):
    expected_signature = 'sha256=' + hmac.new(
        secret.encode(),
        payload,
        hashlib.sha256
    ).hexdigest()
    
    return hmac.compare_digest(signature, expected_signature)

@app.route('/webhooks/axifi', methods=['POST'])
def handle_webhook():
    signature = request.headers.get('X-Webhook-Signature')
    payload = request.get_data()
    
    if not verify_webhook_signature(payload, signature, os.environ['WEBHOOK_SECRET']):
        return {'error': 'Unauthorized'}, 401
    
    # Process webhook...
    return {'ok': True}
Delivery & Retry Policy
How webhooks are delivered and retried
Retry Schedule
Attempt 1: Immediate
Attempt 2: After 5 seconds
Attempt 3: After 1 minute
Attempt 4: After 5 minutes
Attempt 5: After 30 minutes

Webhooks are considered delivered when your endpoint returns a 2xx status code. If your endpoint is unreachable or returns a non-2xx response, we'll retry according to the schedule above.

Best Practices
  • Always verify signatures
    Never trust webhook data without signature verification
  • Respond quickly
    Webhooks timeout after 30 seconds. Process asynchronously
  • Handle duplicates
    Use event IDs to prevent duplicate processing
  • Use HTTPS only
    All webhook endpoints must use HTTPS
Hi!