Webhooks are a resource that can be used to enabled complex workflows and real-time use cases.

Instead of polling the API for static data or consistently exporting labels, webhooks allow subscriptions to data when certain actions are performed – leading to notifications of these events. They can be configured to notify services you have set up, and can fit within a larger workflow in your model development. We’ll send a POST payload with the relevant information each time a webhook is triggered.

Webhooks can be enabled organization-wide or on specific projects you choose.

The terms we use for webhooks are webhooks, topics, and notifications.

A Webhook is the main interface for subscribing to events that occur within Labelbox. On creation, it takes in: * URL endpoint: the URL notifications are sent to * Topics: the list of events (below) notifications are sent for * Secret: a secret used to validate the request is coming from Labelbox (more information below) * Project: (optional) a specific project that the notifications should correspond to


Topics are the events that a webhook can be subscribed to. We currently support the following topics: - LABEL_CREATED, LABEL_UPDATED, LABEL_DELETED - REVIEW_CREATED, REVIEW_UPDATED


Each time a webhook POST payload is sent, a Notification will be recorded to capture the request and response itself, along with all relevant metadata about the POST. It includes the request header, request body, response headers, response body, and response code. This enabled you to verify webhooks are successfully sending data and to debug any potential issues when setting up webhooks.


In order to verify that notifications are coming from Labelbox and not elsewhere, we have the request header X-Hub-Signature. This header is created using the secret you provided when creating the webhook and the request body payload. A SHA-1 hash is created using the body and encrypted using the secret as the key. You can verify this is valid webhook notification by creating your own SHA-1 hash using the payload and secret, and validating it is the same as in the header.

Integration Walk Through

To develop a new integration using webhooks you can follow the below workflow.

from flask import Flask, request
import json
import hmac
import hashlib
app = Flask(__name__)

def hello_world():
return 'Hello, World!'

# Make sure this is the same secret you provided in the webhook creation
secret = 'example_secret'

@app.route('/webhook-endpoint', methods=['POST'])
def print_webhook_info():
payload = request.data
computed_signature = hmac.new(secret, msg=payload, digestmod=hashlib.sha1).hexdigest()
if request.headers['X-Hub-Signature'] != 'sha1='+computed_signature:
print('Error: computed_signature does not match signature provided in the headers')
return 'Error'

print('=========== New Webook Delivery ============')
print('Delivery ID: %s' % request.headers['X-Labelbox-Id'])
print('Event: %s' % request.headers['X-Labelbox-Event'])
print('Payload: %s' % json.dumps(json.loads(payload.decode('utf8')),indent=4))
return 'Success'

if __name__ == '__main__':
app.run(host='', port=3000, debug=True)

When starting the above server, you should be able to visit and see “Hello, World!”

However, Labelbox won’t be able to send messages to because it’s on your local network. You can either deploy this server or use ngrok which is a great tool that will provide a public HTTP proxy to your local endpoint.

ngrok http
# You'll recieve a public endpoint I.E. https://83a053ae.ngrok.io

Then use this ngrok URL in the below query…

Click here to explore query.

mutation CreateWebhook {

If you head to the project and create, update, or delete a label, a notification will be sent to the Python server you have created.

After verifying and when entering production, the following update query will change to the production URL.

mutation UpdateWebhook {
}, data:{

Use this mutation to remove a webhook.


Was this page helpful?