REST API

Webhooks

Receive a signed POST when jobs finish, quotas hit, or subscriptions change.

Event catalogue#

docking.completed
docking.failed
qm.parsed
qm.validation.failed
quota.exceeded
subscription.updated

Signature verification#

Every delivery includes a X-MolHub-Signature header computed as HMAC-SHA256 of the raw body using your webhook secret.

python

import hmac, hashlib
def verify(body: bytes, sig: str, secret: str) -> bool:
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)

Always verify the signature before processing — anyone can POST arbitrary JSON to your endpoint.

Retries#

Non-2xx responses are retried with exponential backoff for up to 24 hours (5 attempts). Each attempt carries the same idempotency key.

Datasets API Back to intro →