Webhooks
Webhooks allow PicFast to send real-time HTTP notifications to external services (like n8n, Make, Zapier, or your own application) when specific events occur — such as image uploads, deletions, or moderation decisions.
Creating a Webhook
- Navigate to Webhooks in the PicFast console sidebar
- Click Create Webhook
- Enter a name, the target URL (must be HTTPS), and select one or more event types
- Copy the secret immediately — it will not be shown again
Supported Events
| Event Type | Description |
|---|---|
image.uploaded | An image was successfully uploaded |
image.processed | Processing pipeline completed (compression, thumbnail, moderation) |
image.deleted | An image was deleted (by owner, admin, or system expiry) |
moderation.reviewed | An admin approved or rejected an image |
user.registered | A new user registered |
Verifying Signatures
PicFast signs every delivery with HMAC-SHA256. The signature header is X-PicFast-Signature: sha256=.... Verify it using the webhook secret returned at creation time:
import crypto from 'crypto'
function verifySignature(secret: string, timestamp: string, rawBody: string, signature: string): boolean {
const payload = `${timestamp}.${rawBody}`
const hmac = crypto.createHmac('sha256', secret)
hmac.update(payload)
const expected = `sha256=${hmac.digest('hex')}`
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature))
}
// In your HTTP handler:
const sig = req.headers['x-picfast-signature']
const ts = req.headers['x-picfast-timestamp']
if (Math.abs(Date.now()/1000 - parseInt(ts)) > 300) {
return res.status(400).send('Timestamp too old')
}
if (!verifySignature(secret, ts, JSON.stringify(req.body), sig)) {
return res.status(401).send('Invalid signature')
} Delivery & Retries
PicFast delivers events with exponential backoff on failure:
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 1 minute |
| 3 | 5 minutes |
| 4 | 30 minutes |
| 5 | 2 hours |
| 6 | 12 hours |
After 6 failed attempts, the delivery is marked as dead. You can manually replay any failed delivery from the webhook detail page.
Request Headers
| Header | Description |
|---|---|
X-PicFast-Event-Id | Unique event instance UUID |
X-PicFast-Event-Type | Event type (e.g. image.uploaded) |
X-PicFast-Delivery-Id | Unique delivery attempt ID |
X-PicFast-Timestamp | Unix timestamp of signature generation |
X-PicFast-Signature | HMAC-SHA256 signature |
n8n Integration
- Add a Webhook node in your n8n workflow (HTTP Method: POST)
- Copy the production webhook URL from n8n
- In PicFast, create a webhook pointing to the n8n URL with your desired event types
- In n8n, connect the Webhook node to your processing logic
- Use the Test button in PicFast to verify connectivity