Get notified with webhooks

For all destinations, you can subscribe to a webhook Shakr sends whenever external upload is finished.


To get started, contact Shakr's customer success team and share your web endpoint that will be triggered. Once it's registered, you'll start receiving event to your endpoint with POST method.


Here are example payloads you can expect:

"render_session_id": "RENDER_SESSION_ID",
"to": "fbadact://act_123",

In this payload, remote_id key represents AdVideo ID created in Facebook Ad Account you have specified in to key.


Since Webhook endpoint on your server is accessible to the internet, it is possible that attackers might be able to find out the existence of the endpoint and send malicious requests to it. We send SHA-256 signature on each payload so you can verify requests on your end.

Signature is included in the header of Webhook request as X-Shakr-Signature. You can verify signature with your client_id, like this:

require "json"
require "rack"
digest ="sha256")
# Get your client_id, used when retrieving an access token
client_id = "YOUR_SHAKR_CLIENT_ID"
# Get "X-Shakr-Signature" header from Shakr API response
# Example: request.env["HTTP_X_SHAKR_SIGNATURE"] when using Sinatra
returned_signature = "HEADER_RETURNED_FROM_SHAKR_API"
# Get raw body returned from Shakr API response
# Example: request.body when using Sinatra
calculated_signature = OpenSSL::HMAC.hexdigest(digest, client_id, body)
calculated_signature_str = "sha256=#{calculated_signature}"
# Use secure comparison method to prevent timing attack
# Returns true if matches
Rack::Utils.secure_compare(returned_signature, calculated_signature_str)

You need to add sha256= in front of the signature string before comparison.

Prevent timing attack

Plain == operator may expose certain timing attack possibilities to attackers. We strongly recommend using Constant time string comparison methods, like Ruby Rack's secure_compare, PHP's hash_equals, or Python's hmac.compare_digest.