Enterprise partners can now leverage real-time callbacks for Google Gemini API batch operations and video generation tasks. We have deployed inbound webhook endpoints on both our Go and Node.js backend services, securing them with robust cryptographic validation.
Synchronous vs. Asynchronous Integration
To optimize response times and resource utilization, our platform separates diagnostic execution lanes:
- Standard Diagnostic Queries: Mobile app diagnostics and standard user queries are processed synchronously in real-time using immediate API endpoints or transactional task queues that call the AI engine directly.
- Gemini API Webhooks: Exclusively reserved for asynchronous long-running operations—including bulk B2B batch evaluations, explanatory video generation, and agent-orchestration workloads.
Cryptographic Security Standards
To guarantee authenticity, our handlers support dual-mode signature validation:
- Static Symmetric Signatures: Project-level webhooks sign payloads using Standard Webhooks HMAC-SHA256, validated against our signing secrets with timing-safe comparison to prevent timing attacks. Replay attacks are mitigated via strict timestamp window validation (<5 minutes).
- Dynamic Asymmetric Signatures: Request-level webhooks sign payloads with RS256 JWT tokens, verified dynamically using Google’s public JSON Web Key Set (JWKS) fetched from the official Google Generative Language endpoint.
Architecture Highlights
- Idempotency & Deduplication: Atomic check-and-create triggers in the database prevent processing duplicate payloads.
- Asynchronous Dispatching: Verified payloads are published to internal messaging topics for worker state updates, ensuring rapid response times.
- Quota Integrity: Quota billing is completed atomically only after a batch run completes successfully.
Upgrade your enterprise integration today to leverage secure, real-time callbacks!