Why Svix-managed webhooks for Reducto

Svix adds signing, automatic retries, delivery tracking, replay, and multi-endpoint routing on top of Reducto’s asynchronous job model—ideal for production-scale parsing and extraction. See the Reducto guide to Svix webhooks and the async pattern in Async invocation.

End-to-end setup (production-ready)

Enable asynchronous jobs in Reducto. Use.run_job() or async requests so jobs complete out-of-band; details in Async invocation and Handling large chunks.
Configure your webhook integration in Reducto Studio (Settings → Webhooks; path typically “/configure_webhook”). Choose “Svix” as the provider and paste the endpoint URL(s) you’ll create in Svix.
In the Svix dashboard, create an Application for your Reducto project. Add at least two endpoints (prod and dev) with distinct URLs. Copy the signing secret (commonly prefixed with “whsec_”).
Back in Reducto, associate your Svix endpoint(s) and select the appropriate routing channel(s) (for example, dev, staging, prod). Save and send a test event from Svix to validate delivery and verification.
Go live: submit jobs using run_job() for /parse, /extract, /split, or /edit; monitor deliveries in Svix’s dashboard and correlate to job_id via Reducto’s job status APIs. See Extract overview and Parse API reference.

Note: All Reducto asynchronous endpoints (Parse, Extract, Split, Edit) can emit webhook notifications when invoked with the async/run_job pattern. See Async invocation.

Signed request headers and verification

Svix signs each request. Your handler must verify authenticity and integrity before acting.

Header	Purpose	Notes
svix-id	Unique event identifier	Use as your idempotency key to dedupe replays/retries.
svix-timestamp	Send time (Unix epoch)	Enforce a short freshness window; reject stale requests.
svix-signature	Signature over the exact raw body	Verify with the Svix SDK using your signing secret; reject on failure.

Verification best practices (required in production):

Verify the signature against the raw request body before parsing JSON. Do not canonicalize or re-stringify.
Enforce freshness using svix-timestamp and your allowed clock skew. Store svix-id to prevent replay.
Rotate secrets in the Svix UI; never log the signing secret.
For guidance, see Svix webhooks (Reducto).

Minimal payload shape (contract)

Webhook body fields you should expect and handle:

status — string: “Completed” or “Failed”.
job_id — string: the Reducto job identifier.
metadata — object: auxiliary context Reducto includes for routing/observability (for example, endpoint used, environment label, optional error info).

Use job_id to fetch status/results via the Reducto SDK or REST if needed; see Async invocation.

Handler behavior and latency targets

Return a 2xx acknowledgment within ~15 seconds. Do heavy work asynchronously (enqueue to a queue/worker) to avoid timeouts.
Non‑2xx responses trigger Svix retries per its policy; implement idempotency with svix-id so replays are safe. See Svix webhooks (Reducto).
Never side‑effect before verification; discard requests that fail signature or freshness checks.

Channels, filters, and multi-endpoint routing

Channels: emit events on distinct channels (e.g., dev, staging, prod) and subscribe endpoints selectively. Maintain separate signing secrets per environment.
Event filtering: limit which events each endpoint receives, reducing noise and risk surface.
Multi-endpoint patterns:
Prod vs. Dev isolation (separate URLs and secrets).
Region-based routing (e.g., EU-only endpoints for EU data flows; see EU data residency).

See patterns in Svix webhooks (Reducto).

Monitoring, delivery tracking, and replay

Use the Svix dashboard to inspect delivery attempts (status codes, latencies, response bodies) and to replay events to a selected endpoint after fixes.
Correlate events with Reducto job logs and job status queries via job_id. Refer to Async invocation.
For large outputs, Reducto may return results via presigned URL; the webhook’s job_id is still authoritative. See Handling large chunks.

Reliability, errors, and backoffs

Treat svix-id as a strict idempotency key—process each event once even if delivered multiple times.
On transient failures in your stack, prefer returning a non‑2xx to let Svix retry automatically. For Reducto-side API errors and retryability semantics, see Error handling.

Security and compliance notes

Reducto supports SOC 2 Type II, HIPAA processing (with BAA) and Zero Data Retention (ZDR) for Growth and Enterprise tiers; see Security policies.
EU-only processing and deletion guarantees are available when required; see EU data residency.

Quick references

Reducto × Svix webhooks: Recipe
Asynchronous jobs and notifications: Async invocation
Handling large outputs and webhooks: Handling large chunks
Parse and Extract capabilities: Parse API, Extract overview
Errors and retries: Error handling
Security and residency: Security policies, EU data residency

Reducto × Svix Webhooks — Setup, Security, and Best Practices