Save 37% off PRO during our Black Friday Sale! »

WebHooks: The API Strikes Back

WebHooks: The API Strikes Back

These days many APIs are more than just simple REST services. Nowadays, APIs want to talk back prompting further action from applications. But what is the best way to build out an API that can be demanding? We'll look at some services that use Webhooks, exploring reasons to use WebHooks and the emerging best practices. Then we'll look at the other side, implementing WebHook endpoints. Does consuming WebHooks turn an application into an API? What are the easiest ways to develop and test with WebHooks? We'll cover security, performance and standards all wrapped up with some live coded examples.

8ec1383b240b5ba15ffb9743fceb3c0e?s=128

Phil Nash

March 01, 2017
Tweet

Transcript

  1. WeB HookS

  2. The api StrikeS bacK

  3. Phil Nash @philnash http:/ /philna.sh philnash@twilio.com

  4. WeB HookS

  5. Today • What are WebHooks? • Sending WebHooks • Receiving

    WebHooks
  6. WHAT ARE WEBHOOKS?

  7. A long time ago, in a galaxy far, far away...

  8. None
  9. WHAT ARE WEBHOOKS?

  10. WHY USE WEBHOOKS?

  11. REAL TIME DATA

  12. http:/ /www.flickr.com/photos/25834786@N03/4585036818 - secretlondon123

  13. GETTING THE RIGHT RESPONSE

  14. WHO USES WEBHOOKS?

  15. Webhooks everywhere • Twilio • GitHub • Heroku • Braintree

    • Stripe • MailChimp • SendGrid • DropBox • ...and many more
  16. DEMO

  17. 0451 562 192

  18. SENDING WEBHOOKS

  19. BE A GOOD HTTP CLIENT

  20. CACHING AND COOKIES

  21. DEALING WITH ERRORS

  22. RETRIES OR FALLBACKS?

  23. SECURITY

  24. HTTP AUTH

  25. SIGN REQUESTS

  26. Sending Webhooks • Be a good HTTP client • Deal

    with failures • Sign requests
  27. WORKING WITH WEBHOOKS

  28. None
  29. NGROK

  30. SECURITY

  31. USE HTTPS

  32. VERIFY THE SIGNATURE

  33. SOME WEBHOOK PROVIDERS DON'T SIGN THEIR REQUESTS

  34. ¯\_( ツ)_/¯

  35. SHARE SECRETS

  36. PERFORMANCE

  37. BE GOOD TO YOURSELF AND THE WEBHOOK

  38. DELAY LONG RUNNING TASKS

  39. IDEMPOTENCE

  40. WHAT ABOUT THE RETRIES?

  41. Webhooks • Tunnelling for development • Verify signatures • Use

    HTTPS • Respond quickly to Webhooks • Idempotence
  42. Thanks! @philnash http:/ /philna.sh philnash@twilio.com