To get notified whenever a user does a certain action webhooks are useful, instead of polling for data. We allow you to specify a URL that is hit whenever a certain event is happening so you can use that information in your application.

First register a webhook in our dashboard: https://mave.io/manage/settings

Create an endpoint

Start by creating an endpoint in your application. In our dashboard you can specify which events should be used whenever this url is hit. These events are available:

Event Description
video.created Occurs when a user creates a video embed or is created through the API.
video.processing Occurs when a user has uploaded a video and we started processing the video. It’s ready to play, but is not optimized for every browser/connection. This updates the video metadata as duration, name, poster_image and last_upload field.
video.uploaded Occurs when a user has uploaded a video and is completely processed.
video.deleted Occurs when a user deletes a video embed or is deleted through the API.

The event object that will be send to your application will look similar as what is described below. You can use this to update your application.


  "id": "j3bw2jWb6q7aWGwChsgR86", // the id of this event
  "object": "event", // type of the object send to you
  "data": {
    "created": 1643723737, // when this video embed was created
    "duration": null, // duration of the video
    "id": "k1iFD7h4rW", // the ID if you want to store it for your user and possibly webhooks
    "last_upload": null, // when a video has been uploaded
    "name": null, // name of the file or chosen name
    "object": "video", // the type of object you're looking at
    "poster_image": null, // uploaded poster or first frame of video when uploaded
    "size": null // size of the video
  }, // the data that triggered the event
  "type": "video.created", // the type of event that occured
  "created": 1643723823 // when the event was created


If you are using a certain framework that includes a CSRF token on requests, you should disable this for the webhook endpoint you defined. Instead to validate its integrity we use a secret, which can be found whenever you create a webhook in our dashboard. Make sure to store it safely in your application.

Each event that is triggered and send to your server includes a HTTP header Mave-Signature: t={signature_time}, v1={signature}. This signature can be used to verify and doesn’t expose the secret. To validate whether this signature is correct you can create one yourself using a HMAC SHA256 library to generate a signed payload. To do this you use the key: {signature_time}.{webhook secret} as key and encrypt the payload body (from the actual request). The result should be exactly the same as {signature}