knowmindknowmind
DokumentationQuickstartAnbindungReferenzFehlerbehebung
DEEN
knowmindknowmind
DocumentationQuickstartIntegrationsReferenceTroubleshooting
DEEN

Tasks

Set up webhooks

On request, knowmind sends HTTP POSTs to your URL whenever something happens in your workspace: new memory, new relation, plan change. This guide walks through registration, signature verification and retry behaviour.

Audience
Developers on Business API or Enterprise. Familiarity with HTTP, JSON and HMAC signatures helps.

Prerequisites

  • knowmind account on Business API or Enterprise
  • A reachable HTTPS endpoint under your control (your own API, an n8n webhook node, a Zapier webhook)
  • A secure place to store a secret

Steps

  1. 1

    Register the webhook in the dashboard

    In the dashboard go to Webhooks, then "Create webhook". Enter the URL (HTTPS is required), pick the events you want, optionally add a description. Click "Create".

    Outcome: knowmind shows the HMAC secret once — copy and store it securely now. Afterwards it cannot be retrieved.

  2. 2

    Send a test event

    In the webhook list, click the test button next to the new entry. knowmind sends a webhook of type webhook.test.

    Outcome: Your endpoint's log shows the test request.

  3. 3

    Verify the signature

    Every webhook carries X-knowmind-Signature with value sha256=<hex> — the HMAC-SHA256 of the unmodified raw body with your secret as the key. Always verify the signature before processing the body.

    ts
    // Node.js / Next.js
import { createHmac, timingSafeEqual } from "node:crypto";

export function verifyKnowmindSignature(
  body: string,
  header: string,
  secret: string,
): boolean {
  const mac = createHmac("sha256", secret).update(body).digest("hex");
  const expected = "sha256=" + mac;
  if (header.length !== expected.length) return false;
  return timingSafeEqual(Buffer.from(header), Buffer.from(expected));
}
    python
    import hmac, hashlib

def verify_knowmind_signature(body: bytes, header: str, secret: str) -> bool:
    mac = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    expected = "sha256=" + mac
    return hmac.compare_digest(header, expected)
  4. 4

    Understand retry behaviour

    knowmind expects HTTP 2xx within 15 seconds. Anything else (timeout, 4xx, 5xx) triggers a retry with exponential backoff: immediately, then after 1 minute, 5 minutes, 30 minutes, 2 hours, 12 hours. After six failed attempts the delivery is marked dead. After 20 consecutive failures the entire subscription is disabled.

Verify the result

  • In the dashboard, the webhook's "last success" shows a recent timestamp.
  • Your endpoint logged the test request.
  • Your signature verification returns true.

Troubleshooting

Error messageCauseResolution
Webhook creation reports "Not on this plan"Current plan below Business API.Move to Business API or Enterprise.
Signature does not matchA framework altered the raw body (trim, re-serialisation).Use the exact raw body (string or bytes) in the handler, not the parsed JSON. Express: bodyParser.raw({ type: 'application/json' }). Next.js: req.text() before JSON parsing.
Webhook is not deliveredEndpoint does not return 2xx within 15 seconds — knowmind retries later.Return 2xx immediately and push processing into a background queue. Use the X-knowmind-Delivery header as an idempotency key so retries do not cause duplicate processing.
Subscription disabled20 consecutive delivery failures.Fix the cause on your endpoint and manually reactivate the subscription in the dashboard.

Related