Praisma Hub LogoPraisma Hub

6.2.3 Developer Guide — APIs — Notification API — Event Triggers

The Notification API allows systems and integrations to emit notification events that are processed by the platform’s notification pipeline. The API is designed to decouple event generation from delivery, ensuring reliability, consistency, and auditability.

API Scope and Guarantees

The Notification API supports creation of notification events only. Rendering and delivery are handled by downstream systems.

Guarantees:

No direct delivery coupling

Deterministic event persistence

Stable event schemas

Event Creation

Clients submit notification events with explicit type and payload. Events are immutable once accepted.

Required attributes:

Event type identifier

Recipient scope

Payload data

Source reference

Example request:

POST /api/v1/notifications { "type": "content.approved", "recipients": {"users": ["uuid"]}, "payload": {"content_id": "uuid"} }

Recipient Resolution

Recipients are resolved at processing time based on the provided scope.

Supported scopes:

Individual users

Roles or groups

Dynamic resolution via rules

Resolution is validated before persistence.

Idempotency

Notification creation supports idempotency to prevent duplicate events during retries.

Example idempotency header:

Idempotency-Key: notif-uuid

Event Validation

All events are validated against registered schemas. Invalid events are rejected deterministically.

Validation guarantees:

Required fields enforced

Payload size limits

Version compatibility checks

Processing and Fan-out

Accepted events are processed asynchronously. Fan-out to delivery channels occurs downstream without blocking API responses.

Processing characteristics:

Non-blocking ingestion

Explicit processing state

Retry on transient failure

Error Handling

Errors are returned with stable HTTP codes and machine-readable bodies. Internal processing errors do not surface to API clients.

Security and Isolation

Notification API access is authenticated and tenant-scoped. Events cannot target recipients outside the originating tenant or organization. Rate limiting and permission checks are enforced on all endpoints.