Skip to content


It is possible to configure outgoing webhooks from Red Marker to destination URL's of your choice. This allows you to integrate Red Marker with other systems in your organisation.

Webhook Events

The following event hooks are available for sending outgoing webhooks.

Asset Import Events

Event Name Event Key Description
Import failed asset.failed.import A problem importing the Asset from the external system, for example network connectivity issues.
Validation failed asset.failed.validation A validation error against the Asset, for example it is too large.
Malware detected asset.failed.malware Scanning has detected potential malware.
Conversion failed asset.failed.conversion An error while converting the incoming Asset to PDF for Review.
Extraction failed asset.failed.extraction An error when extracting content from the Asset.

They payload of these error events will be a JSON object with the following structure (note the errors array containing diagnostic information):

  “correlationId”: 123-456,
  "event": "asset.failed.import",
  "errors": [
    “Invalid file type, can not convert .avi files”

Review Events

Event Name Event Key Description
Review failed review.failed A problem while performing a Review of the Asset.
Review finished review.finished The Review has completed successfully.

The payload of the outgoing webhook will be a JSON object with the following structure:

  "correlationId": 123-456,
  "event": "review.finished",
  "review": {
    "id": 7891011,
    "status": "finished"
  "errors": []

The Review resource can be used to interact with the data from then on using the value, including to download PDF and XFDF versions and reading detected Risks via Triggers.

In some cases, there can be a partial completion of a Review. For example, there may be a single Rule which fails to complete, but the majority of Rules are successfully run. in this case, the errors array will contain details about any Rules which did not successfully complete.

Request Verification / Signature

Webhook requests will be signed with a shared secret. The secret value will be communicated during the configuration phase by the support team. A request header Signature will be sent along with the webhook containing a value used to verify the payload. The signature is produced using a SHA256 HMAC hash made using the shared secret and the JSON body payload.

Request Retries

When the receiving application fails to respond with a 200 or 201 status code or does not respond within 5 seconds, it is considered a failure. Red Marker will retry the request using exponential backoff strategy.

By default, we wait 10 seconds between the first and second attempt, 100 seconds between the third and the fourth, 1000 between the fourth and the fifth and so on. The maximum amount of seconds that we'll wait is 100,000, which is about 27 hours.