Webhooks & Integrations
Receive a signed HTTP POST whenever a video is transcribed or analyzed, and route it into your own systems.
How It Works
You register a destination URL in the app's Webhooks screen and choose which events to receive. When an event fires, WATCH4ME sends a POST with a JSON body to your URL. Every delivery is HMAC-signed so you can verify authenticity.
Example Payload
The exact fields are shown in your webhook settings — treat this as an illustrative shape and confirm the live fields there.
{
"event": "ai_summary_ready",
"video": {
"id": "abc123",
"title": "Building reliable webhooks",
"url": "https://www.youtube.com/watch?v=abc123",
"channelTitle": "Example Channel"
},
"summary": "Short AI-generated summary of the video…",
"topics": ["webhooks", "automation", "reliability"],
"createdAt": "2026-06-29T10:00:00Z"
} Verifying the Signature
WATCH4ME signs the raw request body with your signing secret (HMAC-SHA256) and sends the result in a signature header. Recompute it on your side and compare in constant time:
import crypto from 'node:crypto';
// Recompute the HMAC over the RAW request body and compare in constant time.
export function verifySignature(rawBody, signatureHeader, signingSecret) {
const expected = crypto
.createHmac('sha256', signingSecret)
.update(rawBody)
.digest('hex');
const a = Buffer.from(expected);
const b = Buffer.from(signatureHeader || '');
return a.length === b.length && crypto.timingSafeEqual(a, b);
} A Minimal Receiver (Express)
Always verify against the raw body — parsing first can change bytes and break the signature.
import express from 'express';
const app = express();
// IMPORTANT: use the raw body so the signature matches byte-for-byte.
app.post('/webhooks/watchforme', express.raw({ type: 'application/json' }), (req, res) => {
const sig = req.header('X-WATCH4ME-Signature');
if (!verifySignature(req.body, sig, process.env.WATCHFORME_SIGNING_SECRET)) {
return res.status(401).send('invalid signature');
}
const payload = JSON.parse(req.body.toString('utf8'));
// handle payload.event …
res.sendStatus(200); // ack quickly; do slow work async
}); Best Practices
- Respond
2xxfast, then do heavy work asynchronously. - Make handlers idempotent — the same event may be delivered more than once.
- Store the signing secret securely (env var, never in client code).
- Log deliveries; the app also keeps a delivery history you can review.
No-Code Options
Point the webhook at Zapier, Make or n8n to fan results out to hundreds of apps without writing a receiver.