Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Crafting a Great Webhooks Experience

Avatar for John Sheehan John Sheehan
August 21, 2014
Technology
0
190

Crafting a Great Webhooks Experience

Presented at API Craft SF on 8/21/14

Avatar for John Sheehan

John Sheehan

August 21, 2014
Tweet

More Decks by John Sheehan

See All by John Sheehan
My Favorite API Tools (Other than Runscope)
Avatar for John Sheehan johnsheehan
0
170
Crafting a Great Webhooks Experience
Avatar for John Sheehan johnsheehan
2
530
Glue 2015: Microservices - More than just a buzzword.
Avatar for John Sheehan johnsheehan
2
740
Scale-Oriented Architecture with Microservices
Avatar for John Sheehan johnsheehan
2
350
The rise of distributed applications.
Avatar for John Sheehan johnsheehan
2
470
Zen and the Art of API Maintenance
Avatar for John Sheehan johnsheehan
2
2.5k
Building API integrations you can live with.
Avatar for John Sheehan johnsheehan
0
120
Free API debugging and testing tools you should know about.
Avatar for John Sheehan johnsheehan
5
850
Modern Tools for Modern Applications
Avatar for John Sheehan johnsheehan
1
190

Other Decks in Technology

See All in Technology
Claude Code はじめてガイド -1時間で学べるAI駆動開発の基本と実践-
Avatar for Oikon oikon48
45
27k
オープンデータの内製化から分かったGISデータを巡る行政の課題
Avatar for 室木直樹 naokim84
2
1.4k
日本Rubyの会の構造と実行とあと何か / hokurikurk01
Avatar for Masayoshi Takahashi takahashim
4
760
生成AI・AIエージェント時代、データサイエンティストは何をする人なのか?そして、今学生であるあなたは何を学ぶべきか?
Avatar for kuri8ive kuri8ive
2
2k
あなたの知らないDateのひみつ / The Secret of "Date" You Haven't known #tqrk16
Avatar for Shu OGAWARA expajp
0
120
法人支出管理領域におけるソフトウェアアーキテクチャに基づいたテスト戦略の実践
Avatar for ogugu ogugu9
1
190
AI駆動開発によるDDDの実践
Avatar for ディップ株式会社 dip_tech
PRO
0
350
Uncertainty in the LLM era - Science, more than scale
Avatar for Gael Varoquaux gaelvaroquaux
0
660
著者と読み解くAIエージェント現場導入の勘所 Lancers TechBook#2
Avatar for Shumpei Miyawaki smiyawaki0820
11
5.1k
安いGPUレンタルサービスについて
Avatar for Aratako aratako
2
2.5k
Playwrightのソースコードに見る、自動テストを自動で書く技術
Avatar for Yusuke Iwaki yusukeiwaki
12
4k
バグハンター視点によるサプライチェーンの脆弱性
Avatar for morioka12 scgajge12
2
590

Featured

See All Featured
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
120
20k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
269
13k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
380
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.6k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
54
7.9k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.8k

Transcript

  1. Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,

    October 7, 14

  2. Tuesday, October 7, 14

  3. Tuesday, October 7, 14

  4. Tuesday, October 7, 14

  5. Tuesday, October 7, 14

  6. Tuesday, October 7, 14

  7. "user defined callbacks made with HTTP POST" Tuesday, October 7,

    14

  8. "Webhooks are the easiest way to remotely execute code." --

    Jeff Lindsay once when we were talking Tuesday, October 7, 14

  9. HTTP Push Notifications Tuesday, October 7, 14

  10. A Reverse API Tuesday, October 7, 14

  11. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  12. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  13. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  14. Tuesday, October 7, 14

  15. Implementing Webhooks Tuesday, October 7, 14

  16. url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,

    data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14

  17. Problem #1: Error Handling Tuesday, October 7, 14

  18. > POST /callback < 400 Bad Request Tuesday, October 7,

    14

  19. > POST /callback < 302 Found < Location: http:// Tuesday,

    October 7, 14

  20. > POST /callback < 200 OK < Content-Type: text/plain <

    <Response></Response> Tuesday, October 7, 14

  21. Error Handling Suggestions Tuesday, October 7, 14

  22. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  23. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  24. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  25. Problem #2: Flooding Tuesday, October 7, 14

  26. Tuesday, October 7, 14

  27. Active Queues ↪ ↪ Tuesday, October 7, 14

  28. Problem #3: Security Tuesday, October 7, 14

  29. > POST http://localhost:3000 Tuesday, October 7, 14

  30. > POST http://foo.lvh.me Tuesday, October 7, 14

  31. DoS Attack Vector Tuesday, October 7, 14

  32. Proving the Source Tuesday, October 7, 14

  33. Validation Techniques Tuesday, October 7, 14

  34. Key Sharing Tuesday, October 7, 14

  35. Request Signing Tuesday, October 7, 14

  36. Re-fetch > POST /callback > { id: 123 } >

    GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14

  37. Security Suggestions Tuesday, October 7, 14

  38. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  39. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  40. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  41. Developer Experience Tuesday, October 7, 14

  42. Payload Design Tuesday, October 7, 14

  43. Fat vs.Thin Tuesday, October 7, 14

  44. - or - { } payload= Tuesday, October 7, 14

  45. - or - data = JSON.loads(request.body) name = data["name"] name

    = request.form.get("name") Tuesday, October 7, 14

  46. payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,

    October 7, 14

  47. Mirror API Resources Tuesday, October 7, 14

  48. Complete Documentation! Tuesday, October 7, 14

  49. Tooling Tuesday, October 7, 14

  50. Accept Multiple Callback URLs Tuesday, October 7, 14

  51. Hooks API Tuesday, October 7, 14

  52. Debugger & Logs Tuesday, October 7, 14

  53. Manual Retries Tuesday, October 7, 14

  54. Generate Test Callbacks Tuesday, October 7, 14

  55. Tunneling Tuesday, October 7, 14

  56. Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,

    14