Skip to main content
Webhooks allow your application to receive real-time HTTP notifications when events occur in Bota. Instead of polling the API to check for status changes, webhooks push updates to your server as they happen.

Why Use Webhooks?

Bota’s async processing model (transcription, summarization) makes webhooks essential. When a transcription completes — which may take seconds to minutes — you’ll know immediately.

Quick Start

1. Create a Webhook Endpoint

Build an HTTP endpoint that accepts POST requests:

2. Register the Webhook

Response:
Save the secret — you’ll need it to verify webhook signatures. It’s only shown once.

3. Verify Signatures

Always verify that webhooks are from Bota. See Signature Verification below.

Event Types

See Webhook Events for detailed payload schemas.

Payload Structure

All webhook payloads follow this structure:

Signature Verification

All webhooks are signed using HMAC-SHA256. Always verify signatures to ensure requests are from Bota.

Signature Header

Verification Code

Never skip signature verification, even in development. Attackers can send fake webhook payloads to trigger unwanted actions.

Retry Policy

Bota retries failed deliveries with exponential backoff: After 6 failed attempts, the event is marked as failed and no further retries occur.

What Counts as Failure?

  • Non-2xx HTTP response
  • Request timeout (30 seconds)
  • Connection refused
  • TLS/SSL errors

Best Practices

Return a 200 response immediately, then process the event asynchronously. Long-running processing in the request handler will cause timeouts.
The same event may be delivered multiple times due to retries. Use the id field to deduplicate:
For production, store processed event IDs in a database.
Bota only delivers webhooks to HTTPS URLs. HTTP endpoints are rejected for security.
Events may arrive out of order. Don’t assume recording.uploaded arrives before transcription.completed. Check object state via API if order matters.
Log incoming webhooks for debugging. Include the event ID, type, and any processing errors.
Track your webhook success rate. Frequent failures may indicate endpoint issues.

Testing Webhooks

Local Development

Use a tunneling service like ngrok to receive webhooks locally:

Trigger Test Events

Create a recording and transcription to trigger events:

Managing Webhooks

List Webhooks

Delete a Webhook

Update Events (Delete and Recreate)

To change which events a webhook receives, delete it and create a new one.

Troubleshooting

  1. Verify the webhook is registered: GET /webhooks
  2. Check that your endpoint is publicly accessible
  3. Ensure you’re returning 2xx status codes
  4. Check your server logs for incoming requests
  5. Verify the events you’re subscribed to match what you expect
  1. Ensure you’re using the raw request body, not parsed JSON
  2. Check that you’re using the correct webhook secret
  3. Verify you haven’t modified the payload before verification
This is expected behavior. Implement idempotency using the event id field.
This is expected. Don’t rely on event ordering. Check resource state via API if needed.

Next Steps

Event Reference

Detailed payload schemas for all event types

API Reference

Webhook management endpoints