Webhooks¶

Receive real-time notifications when solar optimization jobs complete or fail.

How It Works¶

Register a webhook URL via POST /solar/webhooks/register
Subscribe to events (solar.optimization.completed, solar.optimization.failed)
When an event fires, we POST a signed JSON payload to your URL

Register a Webhook¶

curl -X POST https://api.tessellaterenewables.com/solar/webhooks/register \
  -H "X-API-Key: tess_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/tessellate",
    "events": ["solar.optimization.completed", "solar.optimization.failed"],
    "name": "Production Webhook"
  }'

Response:

{
  "id": "wh_abc123",
  "url": "https://yourapp.com/webhooks/tessellate",
  "events": ["solar.optimization.completed", "solar.optimization.failed"],
  "active": true,
  "secret": "whsec_abc123...",
  "stats": {"total": 0, "failed": 0}
}

Store the secret

The secret is only returned on creation. Use it to verify webhook signatures.

Verify Signatures¶

Each webhook includes an X-Webhook-Signature header with an HMAC-SHA256 signature:

import hmac
import hashlib

def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
    expected = hmac.new(
        secret.encode(), payload, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Manage Webhooks¶

Method	Endpoint	Description
`POST`	`/solar/webhooks/register`	Register new webhook
`GET`	`/solar/webhooks/`	List all webhooks
`DELETE`	`/solar/webhooks/{id}`	Delete a webhook
`POST`	`/solar/webhooks/{id}/test`	Send test event
`GET`	`/solar/webhooks/events`	List available events