Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crafting a Great Webhooks Experience

Avatar for John Sheehan John Sheehan
August 21, 2014
Technology
0
180

Crafting a Great Webhooks Experience

Presented at API Craft SF on 8/21/14

Avatar for John Sheehan

John Sheehan

August 21, 2014
Tweet

More Decks by John Sheehan

See All by John Sheehan
My Favorite API Tools (Other than Runscope)
Avatar for John Sheehan johnsheehan
0
160
Crafting a Great Webhooks Experience
Avatar for John Sheehan johnsheehan
2
520
Glue 2015: Microservices - More than just a buzzword.
Avatar for John Sheehan johnsheehan
2
690
Scale-Oriented Architecture with Microservices
Avatar for John Sheehan johnsheehan
2
340
The rise of distributed applications.
Avatar for John Sheehan johnsheehan
2
450
Zen and the Art of API Maintenance
Avatar for John Sheehan johnsheehan
2
2.4k
Building API integrations you can live with.
Avatar for John Sheehan johnsheehan
0
110
Free API debugging and testing tools you should know about.
Avatar for John Sheehan johnsheehan
5
840
Modern Tools for Modern Applications
Avatar for John Sheehan johnsheehan
1
190

Other Decks in Technology

See All in Technology
データ基盤の管理者からGoogle Cloud全体の管理者になっていた話
Avatar for ZOZO Developers zozotech
PRO
0
340
猫でもわかるQ_CLI(CDK開発編)+ちょっとだけKiro
Avatar for Hiroo Katoh kentapapa
0
3.4k
SRE新規立ち上げ! Hubbleインフラのこれまでと展望
Avatar for Katsuya Fujii katsuya0515
0
160
Claude CodeでKiroの仕様駆動開発を実現させるには...
Avatar for Gota gotalab555
3
900
Claude Codeが働くAI中心の業務システム構築の挑戦―AIエージェント中心の働き方を目指して
Avatar for os1ma os1ma
9
1.5k
Claude Codeから我々が学ぶべきこと
Avatar for Oikon s4yuba
9
2.2k
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
Avatar for Tomoaki tomoaki25
0
410
生成AI時代におけるAI・機械学習技術を用いたプロダクト開発の深化と進化 #BetAIDay
Avatar for LayerX layerx
PRO
1
1k
Lambda management with ecspresso and Terraform
Avatar for Michael H. Oshita ijin
2
140
ビジネス文書に特化した基盤モデル開発 / SaaSxML_Session_2
Avatar for Sansan R&D sansan_randd
0
260
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
Avatar for Akitomo Sato akitomonam
3
250
【CEDEC2025】ブランド力アップのためのコンテンツマーケティング~ゲーム会社における情報資産の活かし方~
Avatar for Cygames cygames
PRO
0
240

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.4k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.8k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
21
1.4k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
431
65k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.4k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
6k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
It's Worth the Effort
Avatar for 3n 3n
185
28k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.1k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
134
9.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k

Transcript

  1. Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,

    October 7, 14

  2. Tuesday, October 7, 14

  3. Tuesday, October 7, 14

  4. Tuesday, October 7, 14

  5. Tuesday, October 7, 14

  6. Tuesday, October 7, 14

  7. "user defined callbacks made with HTTP POST" Tuesday, October 7,

    14

  8. "Webhooks are the easiest way to remotely execute code." --

    Jeff Lindsay once when we were talking Tuesday, October 7, 14

  9. HTTP Push Notifications Tuesday, October 7, 14

  10. A Reverse API Tuesday, October 7, 14

  11. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  12. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  13. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  14. Tuesday, October 7, 14

  15. Implementing Webhooks Tuesday, October 7, 14

  16. url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,

    data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14

  17. Problem #1: Error Handling Tuesday, October 7, 14

  18. > POST /callback < 400 Bad Request Tuesday, October 7,

    14

  19. > POST /callback < 302 Found < Location: http:// Tuesday,

    October 7, 14

  20. > POST /callback < 200 OK < Content-Type: text/plain <

    <Response></Response> Tuesday, October 7, 14

  21. Error Handling Suggestions Tuesday, October 7, 14

  22. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  23. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  24. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  25. Problem #2: Flooding Tuesday, October 7, 14

  26. Tuesday, October 7, 14

  27. Active Queues ↪ ↪ Tuesday, October 7, 14

  28. Problem #3: Security Tuesday, October 7, 14

  29. > POST http://localhost:3000 Tuesday, October 7, 14

  30. > POST http://foo.lvh.me Tuesday, October 7, 14

  31. DoS Attack Vector Tuesday, October 7, 14

  32. Proving the Source Tuesday, October 7, 14

  33. Validation Techniques Tuesday, October 7, 14

  34. Key Sharing Tuesday, October 7, 14

  35. Request Signing Tuesday, October 7, 14

  36. Re-fetch > POST /callback > { id: 123 } >

    GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14

  37. Security Suggestions Tuesday, October 7, 14

  38. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  39. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  40. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  41. Developer Experience Tuesday, October 7, 14

  42. Payload Design Tuesday, October 7, 14

  43. Fat vs.Thin Tuesday, October 7, 14

  44. - or - { } payload= Tuesday, October 7, 14

  45. - or - data = JSON.loads(request.body) name = data["name"] name

    = request.form.get("name") Tuesday, October 7, 14

  46. payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,

    October 7, 14

  47. Mirror API Resources Tuesday, October 7, 14

  48. Complete Documentation! Tuesday, October 7, 14

  49. Tooling Tuesday, October 7, 14

  50. Accept Multiple Callback URLs Tuesday, October 7, 14

  51. Hooks API Tuesday, October 7, 14

  52. Debugger & Logs Tuesday, October 7, 14

  53. Manual Retries Tuesday, October 7, 14

  54. Generate Test Callbacks Tuesday, October 7, 14

  55. Tunneling Tuesday, October 7, 14

  56. Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,

    14