Eden AI webhooks are a feature that allows users to receive real-time notifications or data updates from the Eden AI asynchronous APIs. Webhooks provide a way for applications or services to be notified automatically when Eden APIs request is finished.

Eden AI webhook are available for all asynchronous features:

Eden AI webhooks enable users to create dynamic and real-time integrations with the platform, allowing for timely responses to events or updates. By leveraging webhooks, users can streamline workflows, automate processes, and stay informed about the latest insights and changes within the Eden AI system.

Signed Webhooks

Webhooks are by default sent over HTTPS. However, for more additional security and to be able to verify that webhooks indeed are sent by us, webhooks data are hashed and signed with a secret private key.


RSA Public Key

To be able to verify webhooks signature, and check that edenai is indeed the sender of the webhook, we make available a public key -shown here after- to be used to verify payload signature.


How it works

The request body stays the same, which means that the JSON body payload of the webhook remain the same, unencrypted and unhashed.

We will add in the request header our signature in the following format:

  • x-edenai-signautre: Contains the signature of the hashed payload (we will explain more in details in the following sections).
  • x-edenai-hash-algorithm: SHA256. We specify here that we are using the SHA 256 algorithm for hashing the payload data (stringified with an indent of 2) before signing it with our private key .

To be able to verify the signature of the JSON payload, you will need to hash the JSON data using the same algorithm SHA 256. After-which, you can run the verification using the obtained hash and the provided public-key shown above.

const crypto = require('crypto');
// we select the SHA 256 algorithm
const verify = crypto.createVerify('sha256');

// We hash the payload with an indent of 2,to ensure having the same format as in server side
const hashed_payload = crypto.createHash('sha256')
	.update(JSON.stringify(data, null, 2))


// we build the key Object
const Key = {
	key: the_public_key, // the public key shown above
  padding: crypto.constants.RSA_PKCS1_PADDING

// getting the signature in a buffer
const signatureBuffer = Buffer.from(signature, "hex");

// Now, we can check the signature using the built key and the buffer containing the signature
const verified = verify.verify(key, signatureBuffer);

if (verified === true) {
	console.log("request verified :D !");

import json
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256

# First, we hash the payload
hashed_payload = hashlib.sha256(
		json.dumps(payload, indent=2).encode('utf-8')

degest = SHA256.new(data = hashed_payload.encode())
#We get the signature in bytes
sig = bytes.fromhex(signature)
#we get the public key shown above
public_key = RSA.importKey(open("path/to/public-key.pem", 'r').read())

verifier = PKCS1_v1_5.new(public_key)
verified = verifier.verify(degest, sig)

if verified == True:
  print("request verified :D !")