Webhooks
Consent project webhooks and Rights delete webhook Systems.
Webhooks
Source: app_docs/guide/connectors.md, app_docs/guide/consent.md, app_docs/sdk/GettingStarted.md, app_docs/guide/sdk.md.
Erasure has two different outbound webhook ideas. Do not mix them up.
1. Project consent webhook (Anumati)
Optional project setting: notify your backend when consent updates.
| Topic | Documented behaviour |
|---|---|
| Event | consent.updated (product docs / SDK getting started) |
| Signature header | X-Anumati-Signature — HMAC-SHA256 of the raw body |
| Secret | Signing secret encrypted at rest (same encryption class as connector secrets) |
| Delivery | HMAC signature; SSRF checks; no unsafe redirects |
| Console | Project settings; webhook get/put; regenerate secret (Owner); test when supported |
| SDK note | Express/Fastify integrations verify webhooks on the server while the banner runs in the browser |
Config surface (operator API group): project webhook get/put, regenerate secret (Owner), test — under project-scoped Anumati platform routes.
TODO: Publish full JSON payload schema field-by-field when product docs export a frozen public schema. Until then, verify signature on the raw body and treat unknown fields as additive.
2. Rights Webhook System
A System connector type that receives signed delete notifications when Rights jobs run.
| Topic | Documented behaviour |
|---|---|
| Where | Rights → Systems → Webhook |
| Config | Endpoint URL |
| Auth | Signing secret (encrypted at rest) |
| Execution | POST signed payload; no redirect following |
| Limits | Delivery retries limited; treat as notification, not sole delete |
| Rotate | Owner rotate; may reveal secrets once |
Guide: Connect a Webhook.
Security checklist
- Secrets never committed
- Signature verified (consent:
X-Anumati-Signature, HMAC-SHA256 raw body) - Endpoint not open redirector
- Idempotent handling on your side (retries exist for jobs)
- SSRF-safe endpoints