WebHooks: The API Strikes Back at CloudConf 2017

WebHooks: The API Strikes Back at CloudConf 2017

These days many APIs are more than just simple REST services. Through WebHooks, APIs are talking back, giving us more information and prompting further action from our applications. But what is the best way to react to these demanding APIs?

We'll look at some services that use Webhooks, exploring reasons to use WebHooks and the emerging best practices. Then we'll look at the other side, implementing WebHook endpoints. Does consuming WebHooks make our application an API? What are the easiest ways to develop and test with WebHooks? We'll cover security, performance and standards all wrapped up with some live coded examples.

By the end we'll know how to handle anything an API can throw back at us.

8ec1383b240b5ba15ffb9743fceb3c0e?s=128

Phil Nash

March 16, 2017
Tweet

Transcript

  1. None
  2. WeB HookS

  3. The api StrikeS bacK

  4. A long time ago, in a galaxy far, far away...

  5. None
  6. Phil Nash @philnash http:/ /philna.sh philnash@twilio.com

  7. WeB HookS

  8. Today • What are WebHooks? • Sending WebHooks • Receiving

    WebHooks
  9. WHAT ARE WEBHOOKS?

  10. WHY USE WEBHOOKS?

  11. REAL TIME DATA

  12. http:/ /www.flickr.com/photos/25834786@N03/4585036818 - secretlondon123

  13. GETTING THE RIGHT RESPONSE

  14. WHO USES WEBHOOKS?

  15. Webhooks everywhere • Twilio • GitHub • Heroku • Braintree

    • Stripe • MailChimp • SendGrid • DropBox • ...and many more
  16. DEMO

  17. SENDING WEBHOOKS

  18. BE A GOOD HTTP CLIENT

  19. CACHING AND COOKIES

  20. DEALING WITH ERRORS

  21. RETRIES OR FALLBACKS?

  22. SECURITY

  23. HTTPS

  24. HTTP AUTH

  25. SIGN REQUESTS

  26. Sending Webhooks • Be a good HTTP client • Deal

    with failures • Sign requests
  27. WORKING WITH WEBHOOKS

  28. None
  29. NGROK

  30. SECURITY

  31. USE HTTPS

  32. VERIFY THE SIGNATURE

  33. SOME WEBHOOK PROVIDERS DON'T SIGN THEIR REQUESTS

  34. ¯\_( ツ)_/¯

  35. SHARE SECRETS

  36. PERFORMANCE

  37. BE GOOD TO YOURSELF AND THE WEBHOOK

  38. DELAY LONG RUNNING TASKS

  39. IDEMPOTENCE

  40. WHAT ABOUT THE RETRIES?

  41. Webhooks • Tunnelling for development • Verify signatures • Use

    HTTPS • Respond quickly to Webhooks • Idempotence
  42. Thanks! @philnash http:/ /philna.sh philnash@twilio.com