Webhooks

Introduction

Webhooks allow Fairu to send real-time HTTP notifications to your systems when events occur. Instead of polling the API for changes, webhooks push data to your endpoint as soon as something happens—whether a file is uploaded, a license expires, or a workflow completes.

Common use cases

Sync with external systems – Automatically update your CMS, PIM, or DAM when files change
Trigger workflows – Start automated processes when specific events occur
Send notifications – Alert your team via Slack, email, or other channels
Audit logging – Track all changes to your digital assets in an external system

Quick start

Navigate to Settings → Webhooks in your Fairu dashboard
Click Create webhook
Enter your endpoint URL (must be HTTPS in production)
Select the events you want to receive
Configure authentication (optional but recommended)
Save and activate your webhook

Configuration options

When creating or editing a webhook, you can configure the following:

Field	Description
Name	A descriptive name to identify this webhook
URL	The endpoint that will receive webhook requests (HTTPS recommended)
Authentication	Optional authentication method (None, Basic, or Bearer)
Subscriptions	The entity types and events you want to receive
Active	Toggle to enable or disable the webhook

Events reference

Fairu supports webhooks for six entity types, each with its own set of events.

File events

Event	Description
`file.created`	A new file was uploaded
`file.updated`	A file's metadata was modified
`file.deleted`	A file was deleted
`file.signed`	A document was signed
`file.duplicated`	A file was duplicated
`file.moved`	A file was moved to a different folder
`file.downloaded`	A file was downloaded
`file.copyright_assigned`	A copyright was assigned to a file
`file.license_assigned`	A license was assigned to a file

Folder events

Event	Description
`folder.created`	A new folder was created
`folder.updated`	A folder's metadata was modified
`folder.deleted`	A folder was deleted
`folder.moved`	A folder was moved to a different location

Copyright events

Event	Description
`copyright.created`	A new copyright was created
`copyright.updated`	A copyright was modified
`copyright.deleted`	A copyright was deleted
`copyright.assigned`	A copyright was assigned to one or more files

License events

Event	Description
`license.created`	A new license was created
`license.updated`	A license was modified
`license.deleted`	A license was deleted
`license.expired`	A license has expired
`license.assigned`	A license was assigned to one or more files

Gallery events

Event	Description
`gallery.created`	A new gallery was created
`gallery.updated`	A gallery was modified
`gallery.deleted`	A gallery was deleted
`gallery.shared`	A gallery was shared
`gallery.images_added`	Images were added to a gallery
`gallery.images_removed`	Images were removed from a gallery

Workflow events

Event	Description
`workflow.created`	A new workflow was created
`workflow.updated`	A workflow was modified
`workflow.deleted`	A workflow was deleted
`workflow.triggered`	A workflow was triggered
`workflow.completed`	A workflow completed execution

Payload structure

Each webhook request is sent as an HTTP POST with a JSON body. Multiple events may be batched into a single request.

{
  "webhook_id": "550e8400-e29b-41d4-a716-446655440000",
  "events": [
    {
      "type": "file.created",
      "entity_type": "file",
      "entity_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
      "event_type": "created",
      "timestamp": "2026-02-03T12:00:00+00:00",
      "payload": {
        "entity_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7"
      }
    }
  ],
  "sent_at": "2026-02-03T12:00:05+00:00"
}

Field descriptions

Field	Type	Description
`webhook_id`	string (UUID)	The ID of the webhook configuration
`events`	array	Array of event objects
`events[].type`	string	Combined event type (e.g., `file.created`)
`events[].entity_type`	string	The entity type (`file`, `folder`, `copyright`, `license`, `gallery`, `workflow`)
`events[].entity_id`	string (UUID)	The ID of the affected entity
`events[].event_type`	string	The event that occurred (e.g., `created`, `updated`)
`events[].timestamp`	string (ISO 8601)	When the event occurred
`events[].payload`	object	Additional event-specific data
`sent_at`	string (ISO 8601)	When the webhook request was sent

Authentication

Fairu supports three authentication methods to secure your webhook endpoint.

None

No authentication is applied. The request is sent without any Authorization header. Only use this for testing or internal endpoints.

Basic authentication

HTTP Basic Auth sends credentials in the Authorization header.

Setup: Enter your credentials in the format username:password

The request will include:

Authorization: Basic base64(username:password)

Bearer token

A bearer token is sent in the Authorization header.

Setup: Enter your token value (without the "Bearer" prefix)

The request will include:

Authorization: Bearer your-token-here

Receiving webhooks

Here's an example of how to receive and process webhooks in Node.js with Express:

const express = require('express');
const app = express();
 
app.use(express.json());
 
app.post('/webhooks/fairu', (req, res) => {
  const { webhook_id, events, sent_at } = req.body;
 
  // Process each event
  for (const event of events) {
    console.log(`Received ${event.type} for ${event.entity_id}`);
 
    switch (event.entity_type) {
      case 'file':
        handleFileEvent(event);
        break;
      case 'folder':
        handleFolderEvent(event);
        break;
      case 'license':
        handleLicenseEvent(event);
        break;
      // ... handle other entity types
    }
  }
 
  // Respond quickly with 200 OK
  res.status(200).send('OK');
});
 
function handleFileEvent(event) {
  switch (event.event_type) {
    case 'created':
      console.log(`New file created: ${event.entity_id}`);
      break;
    case 'updated':
      console.log(`File updated: ${event.entity_id}`);
      break;
    case 'deleted':
      console.log(`File deleted: ${event.entity_id}`);
      break;
  }
}
 
app.listen(3000);

Technical details

Request format

Method: POST
Content-Type: application/json
User-Agent: fairu/webhook
Timeout: 5 seconds

Event debouncing

Events are debounced for 5 seconds to prevent overwhelming your endpoint with rapid successive changes. If the same entity triggers multiple events within this window, only the most recent state is sent.

Event batching

Multiple events may be batched into a single request. Always iterate over the events array rather than assuming a single event per request.

Delivery

Webhook requests are processed asynchronously via a queue. Events are typically delivered within a few seconds of occurring, though delivery time may vary under high load.

Best practices

Respond quickly

Your endpoint must respond within 5 seconds or the request will time out. Perform minimal processing in your webhook handler and queue any heavy work for background processing.

// Good: Respond immediately, process later
app.post('/webhooks/fairu', async (req, res) => {
  // Queue for background processing
  await queue.add('process-webhook', req.body);
 
  // Respond immediately
  res.status(200).send('OK');
});

Handle duplicate events

While rare, network issues may cause the same event to be delivered more than once. Design your webhook handler to be idempotent—processing the same event twice should have the same result as processing it once.

// Use entity_id + event_type + timestamp as a deduplication key
const eventKey = `${event.entity_id}-${event.event_type}-${event.timestamp}`;
if (await hasProcessedEvent(eventKey)) {
  return; // Already processed
}
await markEventProcessed(eventKey);

IP allowlisting (if Fairu provides static IPs)
Checking the webhook_id matches your configured webhook

Debugging

Webhook logs

Fairu logs every webhook request, including:

Request payload
Response status code
Response body (truncated)
Duration in milliseconds

Access webhook logs in Settings → Webhooks → [Your Webhook] → Logs to troubleshoot delivery issues.

Common issues

Issue	Solution
Timeout errors	Ensure your endpoint responds within 5 seconds. Move heavy processing to a background queue.
Connection refused	Verify your endpoint is publicly accessible and the URL is correct.
SSL certificate errors	Ensure your SSL certificate is valid and not self-signed (in production).
401/403 errors	Check that your authentication credentials are correct.
No events received	Verify the webhook is active and you've subscribed to the correct events.

Testing webhooks

For local development, use a tunnel service like ngrok to expose your local endpoint:

ngrok http 3000

Then use the generated HTTPS URL as your webhook endpoint.