Getting started

Quickstart

Send your first item and watch the webhook fire in under 5 minutes.

Before you begin

You need an Asenta account and at least one API key. Sign up at /signup, then create a key in the dashboard under Connect → API keys.
  1. 1

    Get a temporary webhook receiver

    Go to webhook.site and copy your unique URL. You'll use it as your on_approve_webhook so you can see the delivery immediately without deploying any server.

  2. 2

    Submit a test item

    POST to /api/queue with your API key. Replace cpk_live_... with your real key and the webhook.site URL:

    bash
    curl -X POST https://yourapp.com/api/queue \
      -H "x-checkpoint-key: cpk_live_<YOUR_KEY>" \
      -H "Content-Type: application/json" \
      -d '{
        "review_template_key": "email",
        "content": "<p>Hi Sarah — I wanted to reach out about your team's hiring plans for Q3.</p>",
        "confidence": 0.82,
        "segment": "outbound-email",
        "on_approve_webhook": "https://webhook.site/<your-id>"
      }'

    This example reviews an email, but any content type works — set review_template_key to a support reply, social post, product listing, moderation verdict, or one you define. A 201 response confirms the item is queued:

    json
    {
      "id": "qi_01HX2AbCdEfGhIjKlMnOpQ",
      "status": "pending",
      "created_at": "2026-06-28T10:23:45.000Z"
    }
  3. 3

    Review and approve in the dashboard

    Open your Asenta dashboard. The item appears in the queue. Click it to open the review pane — you'll see the AI output on the left and an editable copy on the right. Click Approve.

  4. 4

    See the webhook fire

    Refresh your webhook.site tab. You'll see a signed POST arrive with this shape:

    json
    {
      "id": "qi_01HX2AbCdEfGhIjKlMnOpQ",
      "content": "<p>Hi Sarah — I wanted to reach out about your team's hiring plans for Q3.</p>",
      "metadata": { "webhooks": { "on_approve": "https://webhook.site/<your-id>", ... } },
      "event": "on_approve",
      "idempotency_key": "qi_01HX2...:on_approve:"
    }

    The X-Checkpoint-Signature header contains an HMAC-SHA256 signature you should verify in production. See below.

  5. 5

    Verify the signature in production

    Your workspace has its own webhook signing secret. Reveal or rotate it in Settings → Webhooks → Signing secret (requires the manage_keys role) and store it in your handler's environment as WEBHOOK_SECRET. Always verify before acting on the payload:

    webhook-handler.ts
    import crypto from "crypto";
    
    // Use express.raw() or equivalent to get the raw body string.
    app.post("/webhook", express.raw({ type: "application/json" }), (req, res) => {
      const sig = req.headers["x-checkpoint-signature"]; // "sha256=abc123..."
      const event = req.headers["x-checkpoint-event"];   // "on_approve"
    
      const expected = "sha256=" + crypto
        .createHmac("sha256", process.env.WEBHOOK_SECRET)
        .update(req.body)           // raw Buffer, not parsed
        .digest("hex");
    
      if (expected !== sig) return res.status(401).send("Bad signature");
    
      const payload = JSON.parse(req.body);
      console.log(event, payload.id, payload.content);
      res.status(200).send("OK");
    });

    Verify against the raw body. The signature covers the exact bytes we send — compact JSON with no extra whitespace. Re-parsing and re-serializing the payload (e.g. Python's json.dumps(), which inserts spaces) changes the bytes and breaks the HMAC.

  6. 6

    (Optional) Pull style feedback

    After your reviewers have edited a few items, call GET /api/feedback from your generation pipeline to pull style rules and edit-pair examples:

    bash
    curl https://yourapp.com/api/feedback \
      -H "x-checkpoint-key: cpk_live_<YOUR_KEY>"
    json
    {
      "style_rules": [
        { "id": "sr_01...", "segment": "outbound-email", "rule_text": "Keep subject lines under 7 words.", "source": "promoted" }
      ],
      "examples": [
        {
          "segment": "outbound-email",
          "original": "<p>Hi Sarah — I wanted to reach out...</p>",
          "edited": "<p>Hi Sarah, quick question about Q3 hiring...</p>"
        }
      ]
    }

    Inject style_rules and examples into your system prompt to reduce the edit rate over time.

Tip: test end-to-end without a human

Step 3 asks you to click Approve. To prove your webhook handler works with zero human interaction (handy in CI), use an audit-mode key or a gate auto_bypass rule: the item auto-approves at intake and the signed on_approve webhook fires immediately, and the intake response returns "status": "approved". See Concepts → the gate.

You're integrated

Your pipeline can now submit AI output, get a human decision, and act on a signed webhook. The next step is configuring the oversight gate so high-confidence items auto-fire and only edge cases go to review.