Authentication
Executions
Browser Sessions
Instructor
- POSTCreate instructor session
- POSTCreate instructor session (synchronous)
- POSTList instructor executions
- POSTProcess prompt with accessibility tree
- POSTCreate instructor session
- POSTStop instructor session
- POSTStart recording instructor session
- POSTStop recording instructor session
- POSTRun single block
- POSTRun sequence of blocks
- POSTGet recovery agent status
Webhooks
Event
Webhook triggered when an event occurs
Secure your endpoint
Verify that all webhook requests are generated by Kaizen by checking the signature in each request’sX-Webhooks-Signature header.
Verify the signature
Each webhook request includes these headers:X-Webhooks-Signature: HMAC signature (includes version prefix)X-Webhooks-Timestamp: Unix timestamp in secondsX-Webhooks-Id: Unique identifier for this webhook delivery
- Extract the signature from
X-Webhooks-Signature(remove the version prefix) - Get the timestamp from
X-Webhooks-Timestamp - Get the webhook ID from
X-Webhooks-Id - Read the raw request body as a string (before JSON parsing)
- Construct the signed payload:
{webhookId}.{timestamp}.{raw_body} - Compute HMAC-SHA256 of the signed payload using your decoded secret
- Compare the computed signature with the received signature using constant-time comparison
Code Examples
const crypto = require('crypto');
function verifyWebhookSignature(
webhookId,
payload,
signature,
timestamp,
secret
) {
const signedPayload = `${webhookId}.${timestamp}.${payload}`;
const keyBytes = Buffer.from(secret, 'base64url');
const expectedSignature = crypto
.createHmac('sha256', keyBytes)
.update(signedPayload, 'utf8')
.digest('hex');
if (signature.length !== expectedSignature.length) {
return false;
}
return crypto.timingSafeEqual(
Buffer.from(signature, 'hex'),
Buffer.from(expectedSignature, 'hex')
);
}
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
const webhookId = req.headers['x-webhooks-id'];
const signatureHeader = req.headers['x-webhooks-signature'];
const timestamp = req.headers['x-webhooks-timestamp'];
if (!webhookId || !signatureHeader || !timestamp) {
return res.status(401).json({ error: 'Missing required headers' });
}
const signature = signatureHeader.replace(/^v\d+=/, '');
const payload = req.body.toString();
const webhookSecret = process.env.WEBHOOK_SECRET;
if (
!webhookSecret ||
!verifyWebhookSignature(
webhookId,
payload,
signature,
timestamp,
webhookSecret
)
) {
return res.status(401).json({ error: 'Invalid signature' });
}
const event = JSON.parse(payload);
// Process the webhook event
res.status(200).json({ received: true });
});
Body
- Execution: Completed
- Execution: Downloads Complete
A webhook event payload containing event type and data
"execution.complete"Data about the completed execution.
- Completed Execution
- Failed Execution
Show child attributes
Show child attributes
Unique identifier for the execution
Authentication responses for this execution
- In Progress Authentication
- Enqueued Authentication
- Finished Authentication
- Failed Authentication
Show child attributes
Show child attributes
When the execution started
Execution name
The block where execution started, if specified
- Login
- Form Block
- FillDocument
- Fill Spreadsheet
- Mouse Block
- Hover Block
- Search
- Input
- Date Input
- Dropdown
- Extract
- ParseDocument
- Extract from Input
- Extract Images
- QueryKnowledgeBase
- FindDocument
- API
- CreateServiceTitanBooking
- Navigate
- Close Page
- Close Popup
- Multistep
- Option 23
- Network Request Block
- Wait
- WaitForCondition
- Wait For Captcha Solve
- Fail
- Option 29
- Option 30
- Option 31
- Option 32
- Option 33
- Download File Block
- Save As PDF Block
- CodeV2
- Transform
- Parse to CSV
- Exit From Loop
- Next
- Loop
- If
Show child attributes
Show child attributes
"Login"Show child attributes
Show child attributes
sequence, trueSequence, falseSequence Show child attributes
Show child attributes
Session authentication responses with login summary for this execution
Show child attributes
Show child attributes
ID of the context authentication
Show child attributes
Show child attributes
ID of the login used for authentication
Name of the login used for authentication
Whether this login requires manual authentication
Current status of the authentication from browser context
Unauthenticated, AuthenticationInProgress, Authenticated ID of the session associated with this execution
Duration of the execution in milliseconds
When the execution completed (if finished)
Preview of the response from the execution
File containing the complete execution response as JSON
Show child attributes
Show child attributes
Unique identifier for the file
Name of the file
MIME type of the file
Size of the file in bytes
URL to download the file
Key identifier for the file (for example, a key provided when completing a download for the file).
ID of the browser session used for execution
Vendor-specific session ID from the serverless browser provider
Completed File downloads from the execution
Show child attributes
Show child attributes
pending, in_progress, success, failed Show child attributes
Show child attributes
Unique identifier for the file
Name of the file
MIME type of the file
Size of the file in bytes
Signed URL to download the file directly
Key identifier for the file (for example, a key provided when completing a download for the file).
ID of the parent execution that triggered this execution
Response
Webhook received successfully