Skip to main content

Webhook Endpoint

Configure your webhook endpoint to receive notifications from Dari.

Endpoint Format

Your webhook endpoint should accept POST requests and handle the following:

Headers

  • X-Webhook-Signature: SHA256 HMAC signature for verification
  • X-Webhook-Timestamp: Unix timestamp of when the webhook was sent
  • Content-Type: application/json

Request Body

The webhook payload will be sent as JSON in the request body with the following structure: 
{
  "variables": {
    "variable_1": "value",
    "success_1: "completed"
  },
  "live_url": "https://app.usedari.com/live-view/{EXECUTION_ID}",
  "resume_workflow_url": "https://api.usedari.com/send-user-signal/{EXECUTION_ID}"
}

Payload Fields

  • variables: Object containing workflow variables as name-value pairs at the time of webhook execution
  • live_url: URL for the live browser view of your application
  • resume_workflow_url: (Only present for “Webhook and Wait” steps) Endpoint URL to resume the workflow after processing. See Resume Workflow for more details.

Example Implementation

import hmac
import hashlib
from typing import Optional
from fastapi import Request, Header, HTTPException

async def webhook_handler(
    request_obj: Request,
    x_webhook_signature: Optional[str] = Header(None, alias="X-Webhook-Signature"),
    x_webhook_timestamp: Optional[str] = Header(None, alias="X-Webhook-Timestamp")
):
    # Your webhook secret from Dari dashboard
    webhook_secret = "wh_live_XDmJ8FidjSgzZTBLxX0U7gKfJSo3baaQUiYcCkeu9Js"
    
    raw_body = await request_obj.body()
    payload_str = raw_body.decode('utf-8')
    
    if x_webhook_signature and x_webhook_timestamp:
        signature = x_webhook_signature.replace('sha256=', '')
        signature_payload = f"{x_webhook_timestamp}.{payload_str}"
        
        expected_signature = hmac.new(
            webhook_secret.encode('utf-8'),
            signature_payload.encode('utf-8'),
            hashlib.sha256
        ).hexdigest()
        
        is_valid = hmac.compare_digest(signature, expected_signature)
        
        if not is_valid:
            raise HTTPException(status_code=401, detail="Invalid webhook signature")
        
        return {"message": "Webhook verified and processed"}
    else:
        return {"message": "Webhook received without verification"}

Response

Your endpoint should return a 200 status code to acknowledge successful processing.