Event Subscriptions
Event subscriptions let Plextera push product events to your webhook endpoint. Use them when your integration should react to completed, failed, or rejected processing without polling.
When to use events
A common production pattern is: subscribe to terminal events, process webhook deliveries immediately, and periodically poll resources that have not completed after an expected time window.
Available events
Closing a run in Plextera Studio is treated as a failure outcome for event delivery: subscribers of workflow.run.failed receive an event whose run status is CLOSED. Check the status field in the payload if your handler needs to distinguish the two.
Setup
Create an event subscription
Call POST /event-subscriptions with:
endpointUrl- the HTTPS URL Plextera should POST events to.eventTypes- one or more event types to subscribe to.signingSecret- a secret used to sign deliveries.filters- optional filters for workflow events, for example a specific workflow ID.
Document Insights subscriptions rarely need filters — the event types already select what is delivered. The response omits filters when none are configured.
Implement your webhook endpoint
Your endpoint must:
- Accept
POSTrequests with a JSON body. - Read the raw request body for signature verification.
- Return a
2xxstatus within 15 seconds — acknowledge first, then process the event asynchronously. Slow responses time out and count as failed deliveries. - Handle duplicate deliveries safely.
Event payload model
Every event uses a common envelope:
The data field contains the event-specific payload. See the Event Reference for complete schemas and examples.
Delivery headers
Every webhook delivery includes:
Verifying signatures
Each delivery is signed using the signingSecret you provided when creating the subscription. This confirms the delivery came from Plextera and that the payload was not modified.
Signature format:
Verification steps:
- Extract
tandv1from the header. - Construct the signed payload:
<t>.<raw request body>. - Compute HMAC-SHA256 using your
signingSecret. - Compare the computed signature with
v1using a constant-time comparison. - Optionally reject old timestamps for replay protection.
The signing secret is write-only. Plextera never returns it in API responses. Store it securely and rotate it by updating the subscription with a new signingSecret.
Retry and idempotency
- The same
eventIdmay be delivered more than once. - Your webhook handler should be idempotent. Store processed
eventIdvalues or use your own deduplication key. - If a document is reprocessed after a terminal state, a later terminal state can produce a new event.
Inspect deliveries
Use GET /event-subscriptions/{subscriptionId}/deliveries to see what Plextera actually sent to your endpoint - newest first, with an optional status filter (pending, retrying, delivered, failed).
Each delivery shows its status, attemptCount, the last HTTP responseStatusCode your endpoint returned, the last error, and nextAttemptAt for scheduled retries.
This is the fastest way to debug a misbehaving webhook endpoint: if deliveries are retrying or failed, the response code and error tell you why.
Related reference
- Event Reference - webhook payload schemas and examples
- Event Subscriptions - create and manage subscriptions