FluentaPremier
Score idea

Webhooks · Draft

X-Ray webhooks are in design.

This page documents the proposed contract so backend and integrators can align before implementation. Polling remains the only production pattern for now.

Current status

Not yet available in production. Continue using GET /idea-analyses/{id}/progress polling for run completion.

Proposed events

  • xray.completed
  • xray.failed
event payload (draft)
{
  "id": "evt_01J123456789",
  "type": "xray.completed",
  "created_at": "2026-05-05T12:30:00Z",
  "data": {
    "analysis_id": "an_01J123...",
    "status": "complete",
    "lrs": 81,
    "verdict": "prime",
    "result_url": "https://fluenta.space/app/x-ray/an_01J123..."
  }
}

Signing model (draft)

Delivery signatures are expected to follow a Stripe-style timestamp + HMAC envelope to prevent replay attacks and body tampering.

signature verification (pseudo)
# request headers
X-Fluenta-Signature: t=1735833292,v1=hex_hmac_sha256

# verification steps
1) build signed_payload = "{timestamp}.{raw_request_body}"
2) expected = HMAC_SHA256(secret, signed_payload)
3) compare expected and v1 using constant-time comparison
4) reject if abs(now - timestamp) > 300 seconds

Retry behavior (draft)

  • At-least-once delivery semantics.
  • Exponential backoff retries up to 24 hours.
  • Receivers must dedupe on event `id` (idempotency).