Webhooks
MSD classifications can be pushed to your endpoint as soon as they are published. This page covers the three things teams ask about most. Live wire-format details live in the API portal so they stay in lock-step with the deployed signing key.
Signature verification
Every webhook delivery is signed with an HMAC over the request body and a shared secret issued with your integration key. Verify the signature before trusting the payload — drop any request whose computed signature doesn’t match the header value.
The exact header name, hashing algorithm, and timestamp tolerance are documented in the API portal so they always match the active deployment.
Retry policy
Non-2xx responses are retried with exponential backoff. Your endpoint must be idempotent — the same delivery may arrive more than once. Each delivery carries a unique delivery_id; deduplicate on it.
Exact retry counts and intervals are in the API portal. Persistent failures eventually drop the delivery — we’ll email support@mindforge.tech if your endpoint is failing repeatedly.
Timeout requirements
Acknowledge fast — return a 2xx as soon as you’ve persisted the delivery. Push downstream work (alerts, ticketing, dashboards) to a queue. Long-running handlers will be cut off and the delivery will retry.
The current ack timeout is in the API portal.
Wire-format reference
Header names, signature algorithm, retry intervals, and timeout values live in the API documentation portal. They version with the deploy.
Open API portalDon’t have webhook access yet?
Webhooks aren’t enabled by default on pilot accounts. Email support@mindforge.tech with your registered email and a short note on what you’re building. We’ll issue a signing secret and send the integration packet within one business day.
Research use only. Not investment advice. Past performance ≠ future results. mindforge.tech/terms · mindforge.tech/validation-and-methods