Delivery Format

Webhook delivery format details including POST request structure, JSON body format, and standard headers for event type, signature, delivery ID, and timestamp.

Webhooks are delivered as POST requests with a JSON body. Configure webhook URLs per-source or per-extraction via the webhook_url option on the extract endpoint.

Most integrations configure a single webhook endpoint that handles all event types, using the X-Talonic-Event header to route internally. A typical setup is to pass webhook_url on POST /v1/extract calls, or configure a default URL in the dashboard for all extractions from a specific source.

Each delivery includes four standard headers: X-Talonic-Event (event type), X-Talonic-Signature (HMAC-SHA256 for verification), X-Talonic-Delivery-Id (unique ID for idempotency), and X-Talonic-Timestamp (Unix timestamp). Your endpoint must return a 2xx status within 30 seconds or the delivery is considered failed.

Pair webhook delivery with the [Signature Verification](webhook-security) guide to authenticate incoming payloads. Note that failed deliveries are retried with exponential backoff up to 4 times — see [Retry Policy](webhook-retry) for the schedule.