Security and Verification

When using webhooks, it's critical to ensure the call truly comes from Outter (and not a malicious third party). Outter will include a signature header X-Outter-Signature or use a secret token that you provide when configuring the webhook. Your endpoint should verify this signature or token. For example, Outter might HMAC-sign the payload with a secret you share; you would then recompute and verify it matches the X-Outter-Signature header. Always validate this before processing the webhook data.

Additionally, use HTTPS for your webhook endpoint (required for security) and restrict the endpoint so that it accepts only expected calls. Keep the endpoint URL private.
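One way to implement the signature check described above, as an added example that is not Outter's own code. It assumes HMAC-SHA256 over the raw request body with a hex-encoded digest in X-Outter-Signature (the page does not specify the scheme); the function names, secret and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumed scheme (the page does not specify one): HMAC-SHA256 over the raw
# request body, hex-encoded, sent in the X-Outter-Signature header.
SIGNATURE_HEADER = "X-Outter-Signature"


class SignatureError(Exception):
    """The webhook could not be authenticated."""


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, raw_body: bytes) -> dict:
    """Authenticate the exact bytes received, and only then parse them."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower(), "").strip().lower()
    if not received:
        raise SignatureError("missing signature header")
    expected = compute_signature(secret, raw_body)
    # Constant-time comparison; bytes operands also tolerate non-ASCII input.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise SignatureError("signature mismatch")
    return json.loads(raw_body)


def is_authentic(secret: bytes, headers: dict, raw_body: bytes) -> bool:
    try:
        verify_webhook(secret, headers, raw_body)
        return True
    except SignatureError:
        return False


# Constructed sample data, modelled on the usage_threshold payload.
SECRET = b"constructed-demo-secret"
BODY = b'{"event": "usage_threshold", "usage": 784017, "threshold": 1000000}'
SIGNED = {SIGNATURE_HEADER: compute_signature(SECRET, BODY)}
# Re-serialising the JSON changes the bytes (whitespace), so the check fails:
REENCODED = json.dumps(json.loads(BODY), separators=(",", ":")).encode()

if __name__ == "__main__":
    print(verify_webhook(SECRET, SIGNED, BODY)["event"])   # genuine delivery
    print(is_authentic(SECRET, SIGNED, REENCODED))         # altered bytes
    print(is_authentic(SECRET, {}, BODY))                  # header missing
```

Pass the handler the request body exactly as it arrived on the wire; many frameworks expose only the parsed JSON by default, and a digest computed over re-encoded JSON will not match.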

Webhooks for Event Notifications

Beyond delivering AI results, Outter can send webhooks for certain system events. For instance, you can configure webhooks for events like:

  • Usage Exceeded – Get notified when your monthly usage quota is, say, 90% used or exceeded. This helps with quota management (see below).
  • Invoice Paid/Failed – If using Outter’s billing, you can receive a webhook when an invoice is paid or a payment fails (useful to update your internal billing records).
  • Data Updates – If you use Outter to sync data, a webhook can confirm when data ingestion is complete or when external data has changed.

To set these up, you typically register the webhook URL and event type in your Outter account settings or via an API endpoint. For example, there might be an endpoint like POST /api/webhooks where you submit {"event": "usage_threshold", "url": "https://yourapp.com/notify-usage"}. Once configured, Outter’s Notification Service will POST to your URL whenever that event occurs. The payload will include details about the event (e.g., how much of the quota is used, or invoice details).

Example:

{
  "event": "usage_threshold",
  "organization": "your-organization-id",
  "usage": 784017,
  "threshold": 1000000
}

Webhooks enable real-time, push-based integration that keeps your application in sync with Outter’s operations without continuous polling. They are especially useful for long-running tasks and critical events. Ensure you build reliable webhook handlers (respond with 200 OK quickly, implement retries or idempotency if needed, and secure the endpoints).