Getting started
Quickstart
Send your first item and watch the webhook fire in under 5 minutes.
Before you begin
You need an Asenta account and at least one API key. Sign up at /signup, then create a key in the dashboard under Connect → API keys.- 1
Get a temporary webhook receiver
Go to webhook.site and copy your unique URL. You'll use it as your
on_approve_webhookso you can see the delivery immediately without deploying any server. - 2
Submit a test item
POST to
/api/queuewith your API key. Replacecpk_live_...with your real key and the webhook.site URL:bashcurl -X POST https://yourapp.com/api/queue \ -H "x-checkpoint-key: cpk_live_<YOUR_KEY>" \ -H "Content-Type: application/json" \ -d '{ "review_template_key": "email", "content": "<p>Hi Sarah — I wanted to reach out about your team's hiring plans for Q3.</p>", "confidence": 0.82, "segment": "outbound-email", "on_approve_webhook": "https://webhook.site/<your-id>" }'This example reviews an email, but any content type works — set
review_template_keyto a support reply, social post, product listing, moderation verdict, or one you define. A201response confirms the item is queued:json{ "id": "qi_01HX2AbCdEfGhIjKlMnOpQ", "status": "pending", "created_at": "2026-06-28T10:23:45.000Z" } - 3
Review and approve in the dashboard
Open your Asenta dashboard. The item appears in the queue. Click it to open the review pane — you'll see the AI output on the left and an editable copy on the right. Click Approve.
- 4
See the webhook fire
Refresh your webhook.site tab. You'll see a signed POST arrive with this shape:
json{ "id": "qi_01HX2AbCdEfGhIjKlMnOpQ", "content": "<p>Hi Sarah — I wanted to reach out about your team's hiring plans for Q3.</p>", "metadata": { "webhooks": { "on_approve": "https://webhook.site/<your-id>", ... } }, "event": "on_approve", "idempotency_key": "qi_01HX2...:on_approve:" }The
X-Checkpoint-Signatureheader contains an HMAC-SHA256 signature you should verify in production. See below. - 5
Verify the signature in production
Your workspace has its own webhook signing secret. Reveal or rotate it in Settings → Webhooks → Signing secret (requires the
manage_keysrole) and store it in your handler's environment asWEBHOOK_SECRET. Always verify before acting on the payload:webhook-handler.tsimport crypto from "crypto"; // Use express.raw() or equivalent to get the raw body string. app.post("/webhook", express.raw({ type: "application/json" }), (req, res) => { const sig = req.headers["x-checkpoint-signature"]; // "sha256=abc123..." const event = req.headers["x-checkpoint-event"]; // "on_approve" const expected = "sha256=" + crypto .createHmac("sha256", process.env.WEBHOOK_SECRET) .update(req.body) // raw Buffer, not parsed .digest("hex"); if (expected !== sig) return res.status(401).send("Bad signature"); const payload = JSON.parse(req.body); console.log(event, payload.id, payload.content); res.status(200).send("OK"); });Verify against the raw body. The signature covers the exact bytes we send — compact JSON with no extra whitespace. Re-parsing and re-serializing the payload (e.g. Python's
json.dumps(), which inserts spaces) changes the bytes and breaks the HMAC. - 6
(Optional) Pull style feedback
After your reviewers have edited a few items, call
GET /api/feedbackfrom your generation pipeline to pull style rules and edit-pair examples:bashcurl https://yourapp.com/api/feedback \ -H "x-checkpoint-key: cpk_live_<YOUR_KEY>"json{ "style_rules": [ { "id": "sr_01...", "segment": "outbound-email", "rule_text": "Keep subject lines under 7 words.", "source": "promoted" } ], "examples": [ { "segment": "outbound-email", "original": "<p>Hi Sarah — I wanted to reach out...</p>", "edited": "<p>Hi Sarah, quick question about Q3 hiring...</p>" } ] }Inject
style_rulesandexamplesinto your system prompt to reduce the edit rate over time.
Tip: test end-to-end without a human
Step 3 asks you to click Approve. To prove your webhook handler works with zero human interaction (handy in CI), use an audit-mode key or a gateauto_bypass rule: the item auto-approves at intake and the signed on_approve webhook fires immediately, and the intake response returns "status": "approved". See Concepts → the gate.You're integrated
Your pipeline can now submit AI output, get a human decision, and act on a signed webhook. The next step is configuring the oversight gate so high-confidence items auto-fire and only edge cases go to review.