Skip to main content
WEBHOOK
workspace:quota_full:api_calls
{
  "workspace_id": "my-workspace",
  "event_type": "workspace:quota_full:api_calls",
  "partner_id": "partner_12345",
  "triggered_at": "2024-01-01T12:00:00.000Z",
  "api_calls_limit": 1000000,
  "api_calls_used": 1000000,
  "current_period_start": "2024-01-01T00:00:00.000Z",
  "current_period_end": "2024-01-31T23:59:59.000Z"
}

Headers

X-TL-Partner-Id
string
required

The unique identifier for the partner.

X-TL-Signature
string
required

A JSON Web Token (JWT) signed with your Partner Secret using the HS256 algorithm. Use this header to verify that the webhook was genuinely sent by TimelinesAI.

The JWT contains the following claims: | Claim | Description | |-------|-------------| | partner_id | Your partner identifier — must match the X-TL-Partner-Id header | | nbf | Not-before timestamp (Unix epoch) | | exp | Expiration timestamp (Unix epoch) |

Verification steps:

  1. Extract the X-TL-Signature header value from the incoming request.
  2. Decode and verify the JWT using your Partner Secret with the HS256 algorithm.
  3. Confirm that the partner_id claim matches the X-TL-Partner-Id header.
  4. Reject the request if verification fails (invalid signature, expired token, or mismatched partner ID).

JavaScript example:

const jwt = require(''jsonwebtoken'');
function verifyWebhook(req) {
  const signature = req.headers[''x-tl-signature''];
  const partnerId = req.headers[''x-tl-partner-id''];
  try {
    const decoded = jwt.verify(signature, PARTNER_SECRET);
    return decoded.partner_id === partnerId;
  } catch (err) {
    return false;
  }
}

Python example:

import jwt
def verify_webhook(headers):
    signature = headers.get(''X-TL-Signature'')
    partner_id = headers.get(''X-TL-Partner-Id'')
    try:
        decoded = jwt.decode(signature, PARTNER_SECRET, algorithms=[''HS256''])
        return decoded[''partner_id''] == partner_id
    except jwt.InvalidTokenError:
        return False

See the PartnerAPI Webhooks Overview for more details.

Body

application/json

Webhook payload sent when the Public API calls quota for a workspace reaches or exceeds 90 or 100 percent utilization within the current billing period.

workspace_id
string
required

Identifier of the workspace whose Public API calls quota has reached full utilization.

Example:

"my-workspace"

event_type
enum<string>
required

Partner webhook event name.

Available options:
workspace:quota_full:api_calls
Example:

"workspace:quota_full:api_calls"

partner_id
string
required

Unique identifier of the partner that owns the workspace.

Example:

"partner_12345"

triggered_at
string<date-time>
required

Timestamp when the event was triggered.

Example:

"2024-01-01T12:00:00.000Z"

api_calls_limit
integer
required

Total number of Public API calls allocated to the workspace for the current billing period.

Example:

1000000

api_calls_used
integer
required

Number of Public API calls consumed in the current billing period when the threshold was reached.

Example:

1000000

current_period_start
string<date-time>
required

Start of the current billing period used to aggregate the utilization

Example:

"2024-01-01T00:00:00.000Z"

current_period_end
string<date-time>
required

End of the current billing period used to aggregate the utilization

Example:

"2024-01-31T23:59:59.000Z"

Response

200

Receiver accepted the event