Webhook

Scrapfly's webhook feature is ideal for managing long-running extraction tasks asynchronously. When webhook is specified through the webhook_name parameter, Scrapfly will call your HTTP endpoint with the extraction response.

To start using webhooks first one must be created using webhook web interface.

webhook management page

The body sent to your endpoint is the same as a regular API Extract response, plus webhook information in the context part.

webhook status report on monitoring log page
Webhook Queue Size

The webhook queue size indicates the maximum number of queued webhooks that can be scheduled. After the extraction process is completed and your application is notified, the queue size is reduced. This allows you to schedule additional extraction beyond the concurrency limit of your subscription. The scheduler will handle this and ensure that your concurrency limit is met.

FREE
$0.00/mo
DISCOVERY
$30.00/mo
PRO
$100.00/mo
STARTUP
$250.00/mo
ENTERPRISE
$500.00/mo
500 500 2,000 5,000 10,000

See in Your Dashboard

Scope

Webhooks are scoped per scrapfly projects and environments. Make sure to create a webhook for each of your project and environment (test/live).

Usage

Webhook can be used for multiple purpose, in context of Extraction API, to assert you received an extraction, you must check the header X-Scrapfly-Webhook-Resource-Type and check the value is extraction

To enable webhook callbacks, all you need to do is specify the webhook_name parameter in your extract requests. Then, Scrapfly will immediately return a 201 and accept your request, then the scheduler will automatically call your webhook URL with the extraction result.

Note that your webhook has to be configured to respond to 2xx response code for webhook to be considered a success. The 3xx redirect responses will be followed and response codes 4xx and 5xx are considered failures and will be retried as per the retry policy.

The below examples assume you have a webhook named my-webhook registered. You can create a webhook named "example" via the web dashboard.

Example Of Response

Tracking

When you enqueue a scrape, you receive a unique job uuid job_uuid, when your webhook will be notified, you will retrieve the processed job id on the response header X-Scrapfly-Webhook-Job-Id to reconcile it in your system and track it.

Retry Policy

Webhook callbacks are retried if Scrapfly can't notify the endpoint specified in your webhook settings based on this retry policy:

  • 30 seconds
  • 1 minute
  • 5 minutes
  • 30 minutes
  • 1 hour
  • 1 day
If we failed to reach your application more than 100 times in a row, the system automatically disables it, and you will be notified. You can re-enable it from the UI at any point after.

Development

Useful tools to develop locally :

Security

Webhooks are signed using HMAC (Hash-based Message Authentication Code) with the SHA-256 algorithm to ensure the integrity of the webhook content and verify its authenticity. This mechanism helps prevent tampering and ensures that webhook payloads are from trusted sources.

HMAC Overview

HMAC is a cryptographic technique that combines a secret key with a hash function (in this case, SHA-256) to produce a fixed-size hash value known as the HMAC digest. This digest is unique to both the original message and the secret key, providing a secure way to verify the integrity and authenticity of the message.

Signature in HTTP Header

When sending a webhook request, a signature is generated using HMAC-SHA256 and included in the HTTP header X-Scrapfly-Webhook-Signature. This signature is computed based on the webhook payload and a secret key known only to the sender and receiver.

Verification Process

Upon receiving a webhook request, the receiver extracts the payload and computes its own HMAC-SHA256 signature using the same secret key. It then compares this computed signature with the signature provided in the X-Scrapfly-Webhook-Signature header. If the two signatures match, it indicates that the payload has not been tampered with and originates from the expected sender.

Security Considerations

  • Keep Secret Key Secure: The secret key used for HMAC computation should be kept confidential and not exposed publicly.
  • Use HTTPS: Webhook communication should be conducted over HTTPS to ensure data privacy and integrity during transit.
  • Regular Key Rotation: Periodically rotate the secret key used for HMAC computation to enhance security.

Headers

Following headers are added :

  • X-Scrapfly-Webhook-Env : Related environment where webhook is triggered
  • X-Scrapfly-Webhook-Project : Related project name
  • X-Scrapfly-Webhook-Signature HMAC SHA-256 Integrity Signature
  • X-Scrapfly-Webhook-Name Name of the webhook
  • X-Scrapfly-Webhook-Resource-Type Resource type
  • X-Scrapfly-Webhook-Job-Id Unique Job Identifier given in the enqueue call

All related errors are listed below. You can see the full description and example of the error response on Errors section of the documentation.

No additional fee applied on usage.

Summary