Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Crafting a Great Webhooks Experience

Avatar for John Sheehan John Sheehan
August 21, 2014
Technology
0
190

Crafting a Great Webhooks Experience

Presented at API Craft SF on 8/21/14

Avatar for John Sheehan

John Sheehan

August 21, 2014
Tweet

More Decks by John Sheehan

See All by John Sheehan
My Favorite API Tools (Other than Runscope)
Avatar for John Sheehan johnsheehan
0
170
Crafting a Great Webhooks Experience
Avatar for John Sheehan johnsheehan
2
530
Glue 2015: Microservices - More than just a buzzword.
Avatar for John Sheehan johnsheehan
2
740
Scale-Oriented Architecture with Microservices
Avatar for John Sheehan johnsheehan
2
350
The rise of distributed applications.
Avatar for John Sheehan johnsheehan
2
470
Zen and the Art of API Maintenance
Avatar for John Sheehan johnsheehan
2
2.5k
Building API integrations you can live with.
Avatar for John Sheehan johnsheehan
0
120
Free API debugging and testing tools you should know about.
Avatar for John Sheehan johnsheehan
5
850
Modern Tools for Modern Applications
Avatar for John Sheehan johnsheehan
1
190

Other Decks in Technology

See All in Technology
How native lazy objects will change Doctrine and Symfony forever
Avatar for Benjamin Eberlei beberlei
1
390
技術以外の世界に『越境』しエンジニアとして進化を遂げる 〜Kotlinへの愛とDevHRとしての挑戦を添えて〜
Avatar for subroh_0508 subroh0508
1
260
知っていると得する!Movable Type 9 の新機能を徹底解説
Avatar for hayase masakah
0
220
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
37k
AI活用によるPRレビュー改善の歩み ― 社内全体に広がる学びと実践
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
130
生成AI・AIエージェント時代、データサイエンティストは何をする人なのか?そして、今学生であるあなたは何を学ぶべきか?
Avatar for kuri8ive kuri8ive
2
1.9k
グレートファイアウォールを自宅に建てよう
Avatar for 綿糸てせ ctes091x
0
110
「え?!それ今ではHTMLだけでできるの!?」驚きの進化を遂げたモダンHTML
Avatar for Riya Amemiya riyaamemiya
10
4.5k
ML PM Talk #1 - ML PMの分類に関する考察
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
600
シンプルを極める。アンチパターンなDB設計の本質
Avatar for Facilo Inc. facilo_inc
1
1.3k
手動から自動へ、そしてその先へ
Avatar for Sammy(MoritaMasami) moritamasami
0
240
最近のLinux普段づかいWaylandデスクトップ元年
Avatar for Takuma Nakajima penguin2716
0
190

Featured

See All Featured
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
186
22k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
10
700
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.6k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
31
2.7k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
700
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.9k

Transcript

  1. Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,

    October 7, 14

  2. Tuesday, October 7, 14

  3. Tuesday, October 7, 14

  4. Tuesday, October 7, 14

  5. Tuesday, October 7, 14

  6. Tuesday, October 7, 14

  7. "user defined callbacks made with HTTP POST" Tuesday, October 7,

    14

  8. "Webhooks are the easiest way to remotely execute code." --

    Jeff Lindsay once when we were talking Tuesday, October 7, 14

  9. HTTP Push Notifications Tuesday, October 7, 14

  10. A Reverse API Tuesday, October 7, 14

  11. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  12. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  13. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  14. Tuesday, October 7, 14

  15. Implementing Webhooks Tuesday, October 7, 14

  16. url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,

    data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14

  17. Problem #1: Error Handling Tuesday, October 7, 14

  18. > POST /callback < 400 Bad Request Tuesday, October 7,

    14

  19. > POST /callback < 302 Found < Location: http:// Tuesday,

    October 7, 14

  20. > POST /callback < 200 OK < Content-Type: text/plain <

    <Response></Response> Tuesday, October 7, 14

  21. Error Handling Suggestions Tuesday, October 7, 14

  22. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  23. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  24. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  25. Problem #2: Flooding Tuesday, October 7, 14

  26. Tuesday, October 7, 14

  27. Active Queues ↪ ↪ Tuesday, October 7, 14

  28. Problem #3: Security Tuesday, October 7, 14

  29. > POST http://localhost:3000 Tuesday, October 7, 14

  30. > POST http://foo.lvh.me Tuesday, October 7, 14

  31. DoS Attack Vector Tuesday, October 7, 14

  32. Proving the Source Tuesday, October 7, 14

  33. Validation Techniques Tuesday, October 7, 14

  34. Key Sharing Tuesday, October 7, 14

  35. Request Signing Tuesday, October 7, 14

  36. Re-fetch > POST /callback > { id: 123 } >

    GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14

  37. Security Suggestions Tuesday, October 7, 14

  38. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  39. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  40. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  41. Developer Experience Tuesday, October 7, 14

  42. Payload Design Tuesday, October 7, 14

  43. Fat vs.Thin Tuesday, October 7, 14

  44. - or - { } payload= Tuesday, October 7, 14

  45. - or - data = JSON.loads(request.body) name = data["name"] name

    = request.form.get("name") Tuesday, October 7, 14

  46. payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,

    October 7, 14

  47. Mirror API Resources Tuesday, October 7, 14

  48. Complete Documentation! Tuesday, October 7, 14

  49. Tooling Tuesday, October 7, 14

  50. Accept Multiple Callback URLs Tuesday, October 7, 14

  51. Hooks API Tuesday, October 7, 14

  52. Debugger & Logs Tuesday, October 7, 14

  53. Manual Retries Tuesday, October 7, 14

  54. Generate Test Callbacks Tuesday, October 7, 14

  55. Tunneling Tuesday, October 7, 14

  56. Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,

    14