GET /v1/jobs/:id, you register a webhook on a search and we deliver the complete Envelope to your endpoint the moment each child job reaches a terminal state.
One child is created per surface × region. You receive one webhook delivery per child, each carrying that child’s full Envelope. Prefer webhooks over polling whenever you request more than one surface or region.
Register a webhook
Add awebhook object to any POST /v1/search body. Both fields are required.
The HTTPS endpoint that receives deliveries. The destination is SSRF-guarded: only
http/https schemes are allowed, and private, loopback, and link-local addresses are rejected. Use a public HTTPS URL.The shared secret used to sign each delivery with HMAC-SHA256. Store it somewhere your receiver can read it, and never expose it client-side.
Delivery payload
Each delivery is an HTTPPOST with a JSON body shaped like this:
Delivery body
Unique event id (e.g.
evt_9b3c1a8e). Use it to deduplicate deliveries, since retries reuse the same id.The event type, one of
job.completed, job.partial, or job.failed. This mirrors the child’s terminal status.ISO-8601 timestamp of when the event was generated.
A compact reference to the child job:
id (the dotted child id), surface, and status.A child can complete with nothing to report: if the surface returned no answer, the Envelope carries
provenance.surfacePresent: false, a surface_absent warning, and an empty answer. The delivery type is still job.completed. Handle this as a normal, successful outcome.Verify the signature
Every delivery is signed with HMAC-SHA256 over the exact raw request bytes, encoded as lowercase hex, in theX-AISearch-Signature header.
Retries and acknowledgment
Return 2xx quickly
Respond with any
2xx status as soon as you have verified and accepted the delivery. Do the heavy work — storing the Envelope, updating your records — asynchronously. A slow handler risks a timeout, which we treat as a failed delivery.Non-2xx triggers a retry
Any non-
2xx response (or a timeout) is considered a failure, and the delivery is retried with backoff. Retries reuse the same event id, so deduplicate on it to stay idempotent.The delivery destination is validated for SSRF on every attempt: only
http/https URLs are permitted, and requests to private, loopback, and link-local addresses are refused. Point your webhook at a publicly reachable HTTPS endpoint.Related
The Envelope
The full result shape delivered in
result.Webhook secrets
Create, rotate, and revoke signing secrets.
Job lifecycle
When jobs reach the terminal states that trigger deliveries.
POST /v1/search
Submit a search and attach a webhook.