Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crafting a Great Webhooks Experience
Search
John Sheehan
August 21, 2014
Technology
0
190
Crafting a Great Webhooks Experience
Presented at API Craft SF on 8/21/14
John Sheehan
August 21, 2014
Tweet
Share
More Decks by John Sheehan
See All by John Sheehan
My Favorite API Tools (Other than Runscope)
johnsheehan
0
170
Crafting a Great Webhooks Experience
johnsheehan
2
530
Glue 2015: Microservices - More than just a buzzword.
johnsheehan
2
740
Scale-Oriented Architecture with Microservices
johnsheehan
2
350
The rise of distributed applications.
johnsheehan
2
470
Zen and the Art of API Maintenance
johnsheehan
2
2.5k
Building API integrations you can live with.
johnsheehan
0
130
Free API debugging and testing tools you should know about.
johnsheehan
5
850
Modern Tools for Modern Applications
johnsheehan
1
200
Other Decks in Technology
See All in Technology
ペアーズにおけるAIエージェント 基盤とText to SQLツールの紹介
hisamouna
2
1.1k
ESXi のAIOps だ!2025冬
unnowataru
0
150
今年のデータ・ML系アップデートと気になるアプデのご紹介
nayuts
1
630
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
tomoaki25
6
1.7k
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
emiki
0
250
「もしもデータ基盤開発で『強くてニューゲーム』ができたなら今の僕はどんなデータ基盤を作っただろう」
aeonpeople
0
110
ActiveJobUpdates
igaiga
1
280
マイクロサービスへの5年間 ぶっちゃけ何をしてどうなったか
joker1007
17
7.3k
ZOZOの独自性を生み出す「似合う4大要素」の開発サイクル
zozotech
PRO
0
100
Amazon Connect アップデート! AIエージェントにMCPツールを設定してみた!
ysuzuki
0
120
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
9.8k
AIの長期記憶と短期記憶の違いについてAgentCoreを例に深掘ってみた
yakumo
4
470
Featured
See All Featured
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
120
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
0
89
The untapped power of vector embeddings
frankvandijk
1
1.5k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
130
What does AI have to do with Human Rights?
axbom
PRO
0
1.9k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
0
240
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
47
33k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
2
61
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Facilitating Awesome Meetings
lara
57
6.7k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
40
Transcript
Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,
October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
"user defined callbacks made with HTTP POST" Tuesday, October 7,
14
"Webhooks are the easiest way to remotely execute code." --
Jeff Lindsay once when we were talking Tuesday, October 7, 14
HTTP Push Notifications Tuesday, October 7, 14
A Reverse API Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Tuesday, October 7, 14
Implementing Webhooks Tuesday, October 7, 14
url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,
data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14
Problem #1: Error Handling Tuesday, October 7, 14
> POST /callback < 400 Bad Request Tuesday, October 7,
14
> POST /callback < 302 Found < Location: http:// Tuesday,
October 7, 14
> POST /callback < 200 OK < Content-Type: text/plain <
<Response></Response> Tuesday, October 7, 14
Error Handling Suggestions Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Problem #2: Flooding Tuesday, October 7, 14
Tuesday, October 7, 14
Active Queues ↪ ↪ Tuesday, October 7, 14
Problem #3: Security Tuesday, October 7, 14
> POST http://localhost:3000 Tuesday, October 7, 14
> POST http://foo.lvh.me Tuesday, October 7, 14
DoS Attack Vector Tuesday, October 7, 14
Proving the Source Tuesday, October 7, 14
Validation Techniques Tuesday, October 7, 14
Key Sharing Tuesday, October 7, 14
Request Signing Tuesday, October 7, 14
Re-fetch > POST /callback > { id: 123 } >
GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14
Security Suggestions Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Developer Experience Tuesday, October 7, 14
Payload Design Tuesday, October 7, 14
Fat vs.Thin Tuesday, October 7, 14
- or - { } payload= Tuesday, October 7, 14
- or - data = JSON.loads(request.body) name = data["name"] name
= request.form.get("name") Tuesday, October 7, 14
payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,
October 7, 14
Mirror API Resources Tuesday, October 7, 14
Complete Documentation! Tuesday, October 7, 14
Tooling Tuesday, October 7, 14
Accept Multiple Callback URLs Tuesday, October 7, 14
Hooks API Tuesday, October 7, 14
Debugger & Logs Tuesday, October 7, 14
Manual Retries Tuesday, October 7, 14
Generate Test Callbacks Tuesday, October 7, 14
Tunneling Tuesday, October 7, 14
Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,
14
johnsheehan
hisamouna
unnowataru
nayuts
tomoaki25
emiki
aeonpeople
igaiga
joker1007
zozotech
ysuzuki
fullkaiten
yakumo
tammyeverts
productmarketing
stephenakadiri
frankvandijk
skoyamalab
axbom
katarinadahlin
madoxten
cargoodrich
keithpitt
lara
marketingsoph
![- or - data = JSON.loads(request.body) name = data["name"] name](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_44.jpg){kind=link}
![payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_45.jpg){kind=link}
