Replicate — Platform Guide
Platform — Replicate
Replicate webhooks,
without the confusion.
Replicate uses HMAC-SHA256. The webhook secret requires an API call, not a dashboard copy. Tern handles verification. Here's everything you need.
Secret requires an API call
You can't copy it from the dashboard. Run the curl command in Tab 1 once. Store the whsec_ value. Done.Setup
Three steps,
fully verified.
# Run this once to get your webhook secret
curl -s \
-H "Authorization: Bearer $REPLICATE_API_TOKEN" \
https://api.replicate.com/v1/webhooks/default/secret
# Response:
# { "key": "whsec_C2FVsBQIhrscChlQ..." }
#
# That whsec_ value is your REPLICATE_WEBHOOK_SECRET
# Store it in .env — done.
Step by step
Exactly what
to do.
1
Get your webhook secret
Run the curl command from "Get secret" tab above. Save the whsec_ value to REPLICATE_WEBHOOK_SECRET in your .env file.
2
Create your webhook handler
Use the code from "Webhook handler" tab. Platform is 'replicate', secret is your REPLICATE_WEBHOOK_SECRET.
3
Trigger a prediction
Pass your webhook URL to the Replicate predictions API. Use webhook_events_filter: ["completed"] to skip intermediate states.
Environment variables
What you need.
# your Replicate API token
REPLICATE_API_TOKEN=r8_xxx
# from: curl ...api.replicate.com/v1/webhooks/default/secret
REPLICATE_WEBHOOK_SECRET=whsec_xxx
Replicate webhooks,
verified and reliable.
Open source · MIT licensed · Built at Hookflo