Webhooks

Fire an HTTP POST to your server every time a file is uploaded. Build automations, trigger notifications, sync databases — without polling.

Setup

Go to Dashboard → your connection → Webhooks
Enter your endpoint URL (must be https://)
Click Save — a test event is sent immediately to verify delivery

Payload

Every upload fires a POST request with Content-Type: application/json:

{
  "event": "file.uploaded",
  "connection_id": "abc-123",
  "widget_id": "wgt-456",
  "timestamp": "2026-02-27T14:32:05Z",
  "file": {
    "id": "1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgVE2upms",
    "name": "resume.pdf",
    "size": 204800,
    "mime_type": "application/pdf",
    "web_view_link": "https://drive.google.com/file/d/1Bxi.../view"
  },
  "fields": {
    "name": "Priya Sharma",
    "email": "priya@example.com"
  }
}

fields contains any form field values submitted alongside the file. Empty object {} if no form fields are configured.

Verifying authenticity

Each request includes a signature header:

X-DriveWidget-Signature: sha256=abc123...

Verify it in your handler to ensure the request came from DriveWidget:

Node.js

const crypto = require("crypto");

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return `sha256=${expected}` === signature;
}

// Express handler
app.post("/webhook", express.raw({ type: "application/json" }), (req, res) => {
  const sig = req.headers["x-drivewidget-signature"];
  if (!verifySignature(req.body, sig, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send("Invalid signature");
  }
  const event = JSON.parse(req.body);
  console.log("File uploaded:", event.file.name);
  res.sendStatus(200);
});

Python (Flask)

import hmac, hashlib, json
from flask import Flask, request, abort

app = Flask(__name__)
WEBHOOK_SECRET = "your_webhook_secret"

@app.post("/webhook")
def webhook():
    sig = request.headers.get("X-DriveWidget-Signature", "")
    digest = hmac.new(WEBHOOK_SECRET.encode(), request.data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(f"sha256={digest}", sig):
        abort(401)
    event = request.json
    print("File uploaded:", event["file"]["name"])
    return "", 200

Find your webhook secret in Dashboard → connection → Webhooks → Secret.

Responding

Your endpoint must return 200 OK within 10 seconds. If it doesn't, DriveWidget retries:

Attempt	Delay
1st retry	1 minute
2nd retry	10 minutes
3rd retry	1 hour

After 3 failed attempts, the event is marked failed and no further retries are made. You can view delivery logs in the dashboard.

Use cases

Email notification — Send a "file received" email to your client
Slack alert — Post to a channel when a new file arrives
Database sync — Log uploads to your own database
Zapier / Make — Connect to 1,000+ apps by pointing to your Zap's webhook URL
Auto-process — Trigger a PDF merger, image resizer, or virus scanner
CRM update — Mark a deal stage as "Documents received"

Next steps

REST API → — Pull files and metadata programmatically
Embed Widget → — Configure form fields included in webhook payloads
Client Portals → — Collect files from clients with one link
Quickstart → — Get your first widget live in 5 minutes