Trust in the Lord with all your heart, and do not lean on your own understanding.

Proverbs 3:5
Join/Login (Free)

title: Website Webhook Integration description: How to receive approved DailyLife content on your website. public: true reviewed: 23042026

Website Webhook Integration

DailyLife can send approved content to your website using a signed webhook.

This page covers:

  • payload format
  • signature verification
  • delivery behaviour
  • troubleshooting

When Deliveries Happen

DailyLife sends a webhook after a manager approves content for publication.

Supported event values:

  • gallery.published
  • events.published
  • careers.published

Request Details

  • Method: POST
  • Content type: application/json
  • Signature header: X-DailyLife-Signature

The signature header uses this format:

sha256=<hex_digest>

Payload Format

{
  "event": "gallery.published",
  "version": "1.0",
  "timestamp": "2026-04-23T18:10:00Z",
  "org_id": "00000000-0000-0000-0000-000000000000",
  "post": {
    "id": "11111111-1111-1111-1111-111111111111",
    "title": "Afternoon activity update",
    "body": "A short update ready for publication.",
    "category": "activities",
    "tags": ["activities", "community"],
    "images": [
      { "path": "media/path/example.jpg" }
    ],
    "approved_at": "2026-04-23T18:09:30Z"
  }
}

Notes:

  • event identifies the content stream.
  • timestamp is the delivery generation time in UTC.
  • post.images contains one or more media paths supplied during content creation.

Signature Verification

You must verify the signature against the raw request body before processing the payload.

Verification steps:

  1. Read the raw body as bytes/text without reformatting.
  2. Compute HMAC-SHA256(raw_body, your_shared_secret).
  3. Compare your computed value with the value in X-DailyLife-Signature.
  4. Reject the request if values do not match.

Pseudocode:

rawBody = readRawBody(request)
header = request.headers["X-DailyLife-Signature"]  // e.g. "sha256=abc123..."
received = header.removePrefix("sha256=")
computed = HMAC_SHA256_HEX(sharedSecret, rawBody)

if !timingSafeEqual(received, computed):
  return 401

payload = parseJson(rawBody)
process(payload)
return 200

Retry Behaviour

If your endpoint does not return a success response, DailyLife retries:

  • Attempt 1: immediate
  • Attempt 2: +5 minutes
  • Attempt 3: +15 minutes

After the third failed attempt, the delivery is marked as failed.

Response Expectations

Return:

  • 2xx when you have accepted and processed the payload
  • 4xx if the request is invalid (for example, signature mismatch)
  • 5xx if your service is temporarily unavailable

Idempotency Recommendation

Treat deliveries as idempotent by storing processed delivery identifiers from the payload and ignoring duplicates.

Troubleshooting

  • Signature mismatch: check that you verify the raw body and correct shared secret.
  • Duplicate content: add idempotency checks using payload identifiers.
  • Missing content: ensure your endpoint returns 2xx only after successful processing.