Webhooks

Webhooks allow PicFast to send real-time HTTP notifications to external services (like n8n, Make, Zapier, or your own application) when specific events occur — such as image uploads, deletions, or moderation decisions.

Creating a Webhook

  1. Navigate to Webhooks in the PicFast console sidebar
  2. Click Create Webhook
  3. Enter a name, the target URL (must be HTTPS), and select one or more event types
  4. Copy the secret immediately — it will not be shown again

Supported Events

Event TypeDescription
image.uploadedAn image was successfully uploaded
image.processedProcessing pipeline completed (compression, thumbnail, moderation)
image.deletedAn image was deleted (by owner, admin, or system expiry)
moderation.reviewedAn admin approved or rejected an image
user.registeredA new user registered

Verifying Signatures

PicFast signs every delivery with HMAC-SHA256. The signature header is X-PicFast-Signature: sha256=.... Verify it using the webhook secret returned at creation time:

import crypto from 'crypto'

function verifySignature(secret: string, timestamp: string, rawBody: string, signature: string): boolean {
  const payload = `${timestamp}.${rawBody}`
  const hmac = crypto.createHmac('sha256', secret)
  hmac.update(payload)
  const expected = `sha256=${hmac.digest('hex')}`
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature))
}

// In your HTTP handler:
const sig = req.headers['x-picfast-signature']
const ts = req.headers['x-picfast-timestamp']
if (Math.abs(Date.now()/1000 - parseInt(ts)) > 300) {
  return res.status(400).send('Timestamp too old')
}
if (!verifySignature(secret, ts, JSON.stringify(req.body), sig)) {
  return res.status(401).send('Invalid signature')
}

Delivery & Retries

PicFast delivers events with exponential backoff on failure:

AttemptDelay
1Immediate
21 minute
35 minutes
430 minutes
52 hours
612 hours

After 6 failed attempts, the delivery is marked as dead. You can manually replay any failed delivery from the webhook detail page.

Request Headers

HeaderDescription
X-PicFast-Event-IdUnique event instance UUID
X-PicFast-Event-TypeEvent type (e.g. image.uploaded)
X-PicFast-Delivery-IdUnique delivery attempt ID
X-PicFast-TimestampUnix timestamp of signature generation
X-PicFast-SignatureHMAC-SHA256 signature

n8n Integration

  1. Add a Webhook node in your n8n workflow (HTTP Method: POST)
  2. Copy the production webhook URL from n8n
  3. In PicFast, create a webhook pointing to the n8n URL with your desired event types
  4. In n8n, connect the Webhook node to your processing logic
  5. Use the Test button in PicFast to verify connectivity