attachment.uploaded.v1
An attachment was uploaded and passed virus scanning.
attachment.uploaded.v1 · v1 · at-least-once delivery
Fires when
After the signed-URL upload completes and the async virus scan clears. Not fired if the scan flags the file.
Payload fields
Envelope fields are shared across all event types. Event-specific data is nested under data.
| Field | Type | Required | Description |
|---|---|---|---|
| eventId | string (uuid) | required | Unique per delivery attempt. Use for deduplication. |
| event | string | required | Fully-qualified event name, e.g. record.created.v1. |
| tenantId | string (uuid) | required | Tenant that owns the affected resource. |
| firedAt | string (date-time) | required | ISO-8601 UTC timestamp when the event was emitted. |
| data.attachmentId | string (uuid) | required | Unique ID of the stored attachment. |
| data.recordId | string (uuid) | required | Record the attachment belongs to. |
| data.sizeBytes | integer | required | File size in bytes after upload. |
| data.mimeType | string | required | Detected MIME type, e.g. image/jpeg. |
| data.filename | string | required | Original filename as supplied at upload time. |
Sample payload
```json
{
  "eventId": "ffffffff-0000-1111-2222-333333333333",
  "event": "attachment.uploaded.v1",
  "tenantId": "00000000-1111-2222-3333-444444444444",
  "firedAt": "2026-04-18T13:15:00.000Z",
  "data": {
    "attachmentId": "12345678-abcd-ef01-2345-678901234567",
    "recordId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "sizeBytes": 204800,
    "mimeType": "image/jpeg",
    "filename": "photo-site-inspection.jpg"
  }
}
```
Verify the signature
Every delivery includes X-QEHS-Signature: sha256=<hex> and X-Job-ID headers. Verify before trusting the body. See the webhooks signature docs for a full verification example.
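
A receiver sketch for this event, added here as an example and not taken from the portal's own signature docs: it checks `X-QEHS-Signature` before parsing, deduplicates on `eventId`, and treats `data.filename` as untrusted input. It assumes the signature is HMAC-SHA256 of the raw request body under a shared webhook secret (this page only gives the `sha256=<hex>` format); the function names and the in-memory ID set are illustrative.

```python
import hashlib
import hmac
import json
import os.path

EVENT_NAME = "attachment.uploaded.v1"
SEEN_EVENT_IDS = set()  # illustration only; use a shared store with a TTL


def sign(raw_body: bytes, secret: bytes) -> str:
    # ASSUMPTION: the header carries HMAC-SHA256(secret, raw body) as hex.
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, header: str, secret: bytes) -> bool:
    # Constant-time compare over bytes, so malformed input cannot raise.
    received = (header or "").strip().lower().encode()
    return hmac.compare_digest(sign(raw_body, secret).encode(), received)


def safe_filename(name) -> str:
    # data.filename is what the uploader supplied: keep only the last path part.
    if not isinstance(name, str):
        return ""
    return os.path.basename(name.replace("\\", "/")).strip(". ")


def handle_delivery(raw_body: bytes, headers: dict, secret: bytes) -> str:
    """Return 'rejected', 'ignored', 'duplicate' or 'accepted'."""
    # Plain dict lookup; real frameworks expose case-insensitive headers.
    if not verify_signature(raw_body, headers.get("X-QEHS-Signature", ""), secret):
        return "rejected"  # never parse an unauthenticated body
    try:
        evt = json.loads(raw_body)
        event_id, name, data = evt["eventId"], evt["event"], evt["data"]
        filename, size = safe_filename(data["filename"]), data["sizeBytes"]
    except (ValueError, KeyError, TypeError):
        return "rejected"
    if name != EVENT_NAME:
        return "ignored"
    if not isinstance(event_id, str) or not filename:
        return "rejected"
    if not isinstance(size, int) or size < 0:
        return "rejected"
    if event_id in SEEN_EVENT_IDS:  # at-least-once delivery: repeats are normal
        return "duplicate"
    SEEN_EVENT_IDS.add(event_id)
    return "accepted"
```

Verify against the exact bytes received, before any JSON parsing or re-serialisation, since a re-encoded body will not produce the same digest.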