Webhook Delivery Format
Talonic delivers webhook events as HTTP POST requests with a JSON body, HMAC-SHA256 signature header, and a 10-second timeout.
HTTP request
| Property | Value |
|---|---|
| Method | POST |
| Content-Type | application/json |
| Timeout | 10 seconds |
| User-Agent | Talonic-Webhook/1.0 |
Headers
| Header | Description |
|---|---|
| X-Talonic-Signature | HMAC-SHA256 signature for verification |
| X-Talonic-Event | Event type (e.g., extraction.completed) |
| X-Talonic-Delivery-Id | Unique delivery ID for idempotency |
| X-Talonic-Timestamp | ISO 8601 timestamp of the event |
| Content-Type | application/json |
Payload structure
POST /your-webhook-endpoint HTTP/1.1
Host: your-server.com
Content-Type: application/json
X-Talonic-Signature: sha256=a1b2c3d4...
X-Talonic-Event: extraction.completed
X-Talonic-Delivery-Id: dlv_abc123
X-Talonic-Timestamp: 2026-04-20T14:31:22Z
{
"event": "extraction.completed",
"timestamp": "2026-04-20T14:31:22Z",
"data": {
"extraction_id": "ext_abc123",
"document_id": "doc_xyz789"
}
}Responding
Return any 2xx status code to acknowledge receipt. Non-2xx responses or timeouts trigger automatic retries. Use the X-Talonic-Delivery-Id header for idempotent processing. Verify every delivery with signature verification.