VeraVera
Get API Key
Advanced/Webhooks

Webhooks

Receive real-time notifications when async operations complete.

Overview

Webhooks allow you to receive HTTP callbacks when certain events occur in your account. Instead of polling the API, you can subscribe to events and receive real-time notifications.

Pro & Enterprise: Webhooks are available on Pro and Enterprise plans.

Setting Up Webhooks

Configure your webhook endpoint in the dashboard settings. Your endpoint must:

Accept POST requests

Return a 2xx status code within 30 seconds

Use HTTPS (required for production)

Webhook Events

enrich.completed

Company enrichment completed successfully

enrich.failed

Company enrichment failed

scrape.completed

URL scrape completed successfully

scrape.failed

URL scrape failed

batch.completed

Batch job completed

batch.progress

Batch job progress update

Webhook Payload

All webhook payloads follow this structure:

JSON
{
  "id": "evt_abc123xyz",
  "type": "enrich.completed",
  "created": "2026-01-15T12:00:00Z",
  "data": {
    "requestId": "req_xyz789",
    "url": "stripe.com",
    "result": {
      "domain": "stripe.com",
      "name": "Stripe",
      "industry": "Financial Technology",
      // ... full enrichment data
    }
  }
}

Verifying Webhooks

All webhooks include a signature in the X-Vera-Signature header. Always verify this signature to ensure the webhook is authentic.

Headers
X-Vera-Signature: sha256=abc123...
X-Vera-Timestamp: 1705320000
Content-Type: application/json
Node.js
import crypto from 'crypto';

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expectedSignature}`)
  );
}

Retry Policy

If your endpoint returns a non-2xx status code or times out, we'll retry the webhook with exponential backoff:

1st retry1 minute
2nd retry5 minutes
3rd retry30 minutes
4th retry2 hours
5th retry (final)24 hours

Best Practices

Respond quickly

Return a 200 status immediately and process the webhook asynchronously. Webhooks timeout after 30 seconds.

Handle duplicates

Use the event id to deduplicate events. The same event may be delivered more than once.

Verify signatures

Always verify the webhook signature before processing. Never trust unverified payloads.

Log events

Keep logs of received webhooks for debugging. Include the event ID and timestamp.