Setup
- Open Settings → Webhooks
- Add an HTTPS endpoint URL
- Copy the signing secret shown once (you can re-reveal later)
- Handle
ocr.doneandocr.failed
Payload
{
"eventType": "ocr.done",
"taskId": "…",
"userId": "…",
"provider": "paddle-ai-studio",
"status": "done",
"pageCount": 2
}
Verification
- Read
X-Webhook-Timestamp,X-Webhook-Nonce,X-Webhook-Signature - Reject if timestamp is older than ~5 minutes
- Compute HMAC-SHA256 of
`${timestamp}.${nonce}.${rawBody}`with your endpoint secret - Compare to the signature (
sha256=<hex>)
Failed deliveries are retried by a daily cron until marked dead.