Skip to main content

Overview

Webhooks V2 provides an improved webhook system with granular event subscriptions and enhanced security. You can subscribe to specific meeting lifecycle events and receive real-time notifications at your configured endpoint.
Webhooks V2 replaces the legacy webhook system. If you are currently using Webhooks V1, we recommend migrating to V2 for a better experience.

Events Supported

Webhooks V2 supports the following events:
Event NameDescription
meeting.transcribedTriggers when a meeting has been transcribed and the transcript is ready
meeting.summarizedTriggers when a meeting summary has been generated
You can subscribe to one or more events per webhook. Only events you subscribe to will be delivered.

Setting Up Webhooks V2

1
Visit the Webhooks V2 configuration page
2
Enter a valid HTTPS URL that accepts POST requests in the Webhook URL field
3
Optionally, enter a Signing Secret for payload signature verification
4
Select the events you want to subscribe to
5
Save your configuration

Webhook Payload

Each webhook notification is sent as a POST request with a JSON payload containing the following fields:
event
String
required
The event type that triggered the webhook (e.g., meeting.transcribed, meeting.summarized)
timestamp
Number
required
Unix timestamp in milliseconds indicating when the event was fired
meeting_id
String
required
Identifier for the meeting that the event relates to. This is the same as the transcript ID used throughout the Fireflies API.
client_reference_id
String
Custom identifier set by you during upload. Use this to correlate webhook events with your uploads.

Example Payloads

Meeting Transcribed 
{
  "event": "meeting.transcribed",
  "timestamp": 1710876543210,
  "meeting_id": "ASxwZxCstx",
  "client_reference_id": "be582c46-4ac9-4565-9ba6-6ab4264496a8"
}
Meeting Summarized 
{
  "event": "meeting.summarized",
  "timestamp": 1710876789456,
  "meeting_id": "ASxwZxCstx"
}

Webhook Authentication

Webhooks V2 uses HMAC-SHA256 signatures to verify that webhook payloads originate from Fireflies and have not been tampered with in transit.

How It Works

Each webhook request includes an X-Hub-Signature header containing a SHA-256 HMAC signature of the request body. The signature is computed using the signing secret you configured during setup. The signature format is: 
sha256=<hex-encoded-hmac-sha256-digest>

Verifying the Signature

1
Extract the X-Hub-Signature header from the incoming request
2
Compute the HMAC-SHA256 digest of the raw request body using your signing secret
3
Prefix the hex-encoded digest with sha256=
4
Compare the computed signature with the header value using a timing-safe comparison

Verification Examples

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature =
    'sha256=' +
    crypto.createHmac('sha256', secret).update(payload, 'utf8').digest('hex');

  const sigBuffer = Buffer.from(signature);
  const expectedBuffer = Buffer.from(expectedSignature);

  if (sigBuffer.length !== expectedBuffer.length) {
    return false;
  }

  return crypto.timingSafeEqual(sigBuffer, expectedBuffer);
}

// Express.js example
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-hub-signature'];
  const payload = req.body.toString();

  if (!verifyWebhookSignature(payload, signature, 'your_signing_secret')) {
    return res.status(401).send('Invalid signature');
  }

  const event = JSON.parse(payload);
  console.log('Received event:', event.event, 'for meeting:', event.meeting_id);

  res.status(200).send('OK');
});

Request Headers

Each webhook delivery includes the following headers:
HeaderDescription
Content-Typeapplication/json
User-AgentFireflies-Webhook/1.0
X-Hub-SignatureHMAC-SHA256 signature (only if a signing secret is configured)

Delivery Behavior

  • Webhooks are sent as POST requests to your configured URL
  • Your endpoint must respond with a 2xx status code within 10 seconds to be considered successful
  • If your endpoint does not respond in time or returns a non-2xx status code, the delivery is marked as failed

Migrating from Webhooks V1

If you are using the legacy webhooks system, here is a summary of the key differences:
FeatureWebhooks V1Webhooks V2
ConfigurationDeveloper Settings pageDedicated setup page
EventsSingle event (Transcription completed)Multiple events (meeting.transcribed, meeting.summarized)
Event selectionAll eventsGranular event subscriptions
Payload formatmeetingId, eventTypemeeting_id, event, timestamp
Signature headerX-Hub-SignatureX-Hub-Signature
Signature formatsha256=<hex>sha256=<hex>

Migration Steps

1
Go to the Webhooks V2 setup page
2
Enter your existing webhook URL
3
If you used a signing secret, enter it in the Signing Secret field
4
Select the events you want to subscribe to (choose meeting.transcribed for equivalent V1 behavior)
5
Save and update your webhook consumer to handle the new payload format and signature header

FAQ

meeting.transcribed fires when the raw transcript is ready and available for viewing. meeting.summarized fires after the AI-generated summary (including action items, notes, and other insights) has been processed.
Yes. You can select one or more events during setup. Only events you subscribe to will trigger webhook deliveries.
  • Webhooks are only fired for meetings you own (i.e., you are the organizer_email).
  • Ensure your endpoint accepts POST requests and responds with a 2xx status code within 10 seconds.
  • Verify that you have subscribed to the correct events.
  • If using signature verification, ensure your signing secret matches what is configured.
Webhooks V1 continues to work. However, V2 offers granular event subscriptions, so we recommend migrating when convenient.

Additional Resources

Webhooks V1

Legacy webhook documentation

Upload Audio

Use the API to upload audio to Fireflies.ai