Push, signed, retried
Webhooks
Register an HTTPS endpoint and the platform POSTs signed JSON within seconds of each subscribed event. Deliveries retry with exponential backoff for 24 hours; eight consecutive failures pause the endpoint and trigger an email.
Events
| event | fires when |
|---|---|
| run.completed | A run completes; payload carries the result |
| run.failed | A run errors or hits its step ceiling |
| run.awaiting_approval | An agent reaches a gated action and pauses |
| file.processed | An upload finishes extraction into the graph |
| fine_tune.succeeded | A training job passes holdout evaluation |
| fine_tune.failed | A training job failed or regressed |
| key.near_expiry | A key is 7 days from scheduled rotation |
| usage.threshold | Spend crosses a configured threshold |
Verify before you trust
Each delivery carries a Mynd-Signature header: a unix timestamp and an HMAC-SHA256 of `{timestamp}.{raw_body}` under your endpoint secret. Verify with a constant-time comparison and reject timestamps older than five minutes.
```
Mynd-Signature: t=1781136000,v1=5f8c1e2a9b...
expected = HMAC_SHA256(secret, "{t}.{raw_body}")
valid = timing_safe_equal(expected, v1) && now - t < 300
```
Operational rules
- Respond 2xx within 10 seconds; do real work asynchronously
- Deliveries are at-least-once — deduplicate on event.id
- Order is not guaranteed; trust the payload's created_at
- A 410 response unsubscribes the endpoint permanently
- Rotate endpoint secrets from the dashboard; old secret stays valid for 24h
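
A receiver-side sketch of the verification and deduplication rules above, as an added example rather than the platform's own code. It assumes `v1` is a lowercase hex digest and that the payload carries the event id in a top-level `id` field; the secrets, event id and body are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # the page's five-minute limit


def sign(secret: bytes, t: str, raw_body: bytes) -> str:
    """HMAC-SHA256 over "{t}.{raw_body}"; lowercase hex output is an assumption."""
    return hmac.new(secret, t.encode() + b"." + raw_body, hashlib.sha256).hexdigest()


def verify_delivery(raw_body: bytes, header: str, secrets, now=None) -> bool:
    """True if the header is fresh and matches raw_body under any active secret."""
    try:
        fields = dict(part.strip().split("=", 1) for part in header.split(","))
        t, received = fields["t"], fields["v1"]
        age = (time.time() if now is None else now) - int(t)
    except (KeyError, ValueError):
        return False  # malformed header: fail closed
    if age >= TOLERANCE_SECONDS:
        return False  # stale, possibly a replayed capture
    matched = False
    for secret in secrets:  # current secret plus the old one during the 24h overlap
        expected = sign(secret, t, raw_body)
        matched |= hmac.compare_digest(expected.encode(), received.encode())
    return matched


def handle_delivery(raw_body: bytes, header: str, secrets, seen_ids: set, now=None) -> str:
    """Verify first, parse second, then deduplicate on the event id."""
    if not verify_delivery(raw_body, header, secrets, now):
        return "rejected"
    event_id = json.loads(raw_body)["id"]  # assumed field name for event.id
    if event_id in seen_ids:
        return "duplicate"  # at-least-once delivery: acknowledge, do not reprocess
    seen_ids.add(event_id)
    return "accepted"  # hand off to a queue; respond 2xx right away


# Constructed sample delivery (secrets, id and body are made up for this example).
OLD_SECRET, NEW_SECRET = b"whsec_old_example", b"whsec_new_example"
BODY = b'{"id":"evt_example_1","type":"run.completed","created_at":1781136000}'
HEADER = "t=1781136000,v1=" + sign(NEW_SECRET, "1781136000", BODY)
```

The HMAC is computed over the raw request bytes, so verify before any JSON parsing or re-serialization. In production, keep `seen_ids` in a shared store with an expiry instead of an in-process set.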