To get notified whenever a user does a certain action webhooks are useful, instead of polling for data. We allow you to specify a URL that is hit whenever a certain event is happening so you can use that information in your application.


First register a webhook in Mave's dashboard

You can do this by going to

Create an endpoint

Start by creating an endpoint in your application. In our dashboard you can specify which events should be used whenever this url is hit. These events are available:




Occurs when a user creates a video embed or is created through the API.


Occurs when a user has uploaded a video and is completely processed and ready to play. This updates the last_upload field.


Occurs when a user deletes a video embed or is deleted through the API.

The event object that will be send to your application will look similar as what is described below. You can use this to update your application.

  "id": "j3bw2jWb6q7aWGwChsgR86", // the id of this event
  "object": "event", // type of the object send to you
  "data": {
    "created": 1643723737,
    "embed_url": "",
    "id": "k1iFD7h4rW",
    "last_upload": null,
    "object": "video"
  }, // the data that triggered the event
  "type": "video.created", // the type of event that occured
  "created": 1643723823 // when the event was created


If you are using a certain framework that includes a CSRF token on requests, you should disable this for the webhook endpoint you defined. Instead to validate its integrity we use a secret, which can be found whenever you create a webhook in our dashboard. Make sure to store it safely in your application.

Each event that is triggered and send to your server includes a HTTP header Mave-Signature: t={signature_time}, v1={signature}. This signature can be used to verify and doesn't expose the secret. To validate whether this signature is correct you can create one yourself using a HMAC SHA256 library to generate a signed payload. To do this you use the key: {signature_time}.{webhook secret} as key and encrypt the payload body (from the actual request). The result should be exactly the same as {signature}