REST API
Webhooks
Subscribe to post lifecycle events and verify delivery signatures.
Webhooks let Aidelly push real-time notifications to your server when post events occur.
Subscribing
curl -sS "$AIDELLY_API_BASE/webhooks" \
-X POST \
-H "Authorization: Bearer $AIDELLY_API_KEY" \
-H "Idempotency-Key: webhook-$(uuidgen)" \
-H "x-aidelly-workspace-id: $WORKSPACE_ID" \
-H "Content-Type: application/json" \
-d '{
"url": "https://yourapp.example.com/aidelly/webhooks",
"events": ["post.published", "post.failed"],
"description": "Post completion handler"
}'Available events
| Event | Triggered when |
|---|---|
post.created | A post is created (draft or scheduled) |
post.scheduled | A post is confirmed scheduled |
post.published | A post is successfully published to the platform |
post.failed | A post failed to publish |
post.canceled | A post is canceled before publishing |
Payload shape
{
"event": "post.published",
"workspace_id": "uuid",
"brand_id": "uuid",
"data": {
"post_id": "uuid",
"platform": "linkedin",
"status": "completed",
"published_at": "2026-02-18T17:30:00Z",
"platform_post_id": "urn:li:share:xxx"
},
"created_at": "2026-02-18T17:30:02Z"
}Signature verification
Every webhook delivery includes an Aidelly-Signature header. Verify it to confirm the payload came from Aidelly:
import crypto from 'crypto';
function verifyWebhookSignature(
payload, // raw request body (string)
signature, // Aidelly-Signature header value
secret // your webhook signing secret
) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(`sha256=${expected}`)
);
}Delivery and retries
Aidelly expects your endpoint to return a 2xx status within 10 seconds. If the delivery fails or times out, Aidelly retries up to 5 times with exponential backoff (5s, 25s, 125s, 625s, 3125s).
After 5 failed attempts, the webhook delivery is marked failed and no further retries occur.
Listing and deleting subscriptions
# List
curl "$AIDELLY_API_BASE/webhooks" -H "Authorization: Bearer $AIDELLY_API_KEY"
# Delete
curl -X DELETE "$AIDELLY_API_BASE/webhooks/$WEBHOOK_ID" \
-H "Authorization: Bearer $AIDELLY_API_KEY" \
-H "Idempotency-Key: delete-$(uuidgen)"