Slide 1

Slide 1 text

@glaforge WEB HOOKS: Not as trivial as it may seem

Slide 2

Slide 2 text

Introduction

Slide 3

Slide 3 text

Ask a service to notify you via an HTTP callback to a URL of your choice when an event occurs

Slide 4

Slide 4 text

Server-to-server realtime notification
Simple way to connect apps together

Slide 6

Slide 6 text

Who else is using webhooks?

Emails
● SendGrid
● MailChimp

Chat messages
● Dialogflow
● Intercom

Payments
● Stripe
● BrainTree

Build results
● TravisCI
● CircleCI

Slide 7

Slide 7 text

Advantages

Slide 8

Slide 8 text

Realtime

Slide 9

Slide 9 text

No polling

Slide 10

Slide 10 text

No broadcast

Slide 11

Slide 11 text

Drawbacks

Slide 12

Slide 12 text

Not in control

Slide 13

Slide 13 text

GitHub Webhooks DEMO

Slide 14

Slide 14 text

● Check runs
● Check suites
● Commit comments
● Branch / tag creation
● Branch / tag deletion
● Deploy keys
● Deployments
● Deployment statuses
● Forks
● Wiki
● Issue comments
● Issues
● Labels
● Collaborator
● Milestones
● Page builds
● Projects
● Project cards
● Project columns
● Visibility changes
● Pull requests
● PR reviews
● PR review comments
● Pushes
● Registry packages
● Releases
● Repositories
● Repository imports
● Repository vuln. alerts
● Stars
● Statuses
● Team adds
● Watches

Slide 15

Slide 15 text

Implementing Webhooks

Slide 16

Slide 16 text

0. Add a webhook mechanism to a service provider
1. Develop & deploy a handler to receive POST requests
2. Register the handler’s URL with the service provider
3. Service provider sends a request to your handler when an event occurs

Slide 17

Slide 17 text

Status codes: retry if not 2xx

Slide 18

Slide 18 text

Exponential backoff (PROVIDER)

Slide 19

Slide 19 text

Handler bombed by too many event notifications or retries

Slide 20

Slide 20 text

Batch multiple events together (PROVIDER)

Slide 21

Slide 21 text

Missed calls

Slide 22

Slide 22 text

Dead letter queue (PROVIDER)
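
An added example (not from the deck) of the provider-side behaviour on the slides above: retry on anything that is not 2xx, back off exponentially, and move the event to a dead letter queue once attempts run out. The `send` callable, the in-memory queue and the URLs are assumptions made for illustration.

```python
import time

dead_letter_queue = []   # stands in for a durable dead letter queue
failure_counts = {}      # per-handler count of deliveries that were given up


def deliver(url, event, send, max_attempts=5, base_delay=1.0,
            max_delay=60.0, sleep=time.sleep):
    """Deliver one event; return the attempts used, or 0 if dead-lettered.

    `send(url, event)` is a hypothetical transport callable that returns the
    HTTP status code, or raises OSError on timeout / connection failure.
    """
    for attempt in range(1, max_attempts + 1):
        try:
            status = send(url, event)
        except OSError:
            status = None                      # handler too slow or unreachable
        if status is not None and 200 <= status < 300:
            failure_counts.pop(url, None)      # handler is responding again
            return attempt
        if attempt < max_attempts:
            # 1s, 2s, 4s, ... capped at max_delay between attempts
            sleep(min(base_delay * 2 ** (attempt - 1), max_delay))
    # Out of attempts: keep the event for auditing / replay and track the handler.
    dead_letter_queue.append({"url": url, "event": event, "last_status": status})
    failure_counts[url] = failure_counts.get(url, 0) + 1
    return 0


if __name__ == "__main__":
    replies = iter([500, 503, 200])            # constructed handler responses
    waits = []
    used = deliver("https://handler.example/hook", {"id": 1},
                   lambda u, e: next(replies), sleep=waits.append)
    print(used, waits)
```

Passing `sleep` as a parameter lets the schedule be checked without waiting; a production sender would normally add random jitter to each delay.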

Slide 23

Slide 23 text

Google Cloud Pub/Sub

Slide 24

Slide 24 text

Google Cloud Pub/Sub

Slide 25

Slide 25 text

Idempotent (HANDLER)

Slide 26

Slide 26 text

Security

Slide 27

Slide 27 text

Use HTTPS

Slide 28

Slide 28 text

Whitelist IP addresses (HANDLER)

Slide 29

Slide 29 text

Sign requests with user-provided secret (PROVIDER)

Slide 30

Slide 30 text

Ngrok and RequestBin DEMO

Slide 31

Slide 31 text

Apply good security principles:
● Authentication
● Authorization

Slide 32

Slide 32 text

Some best practices

Slide 33

Slide 33 text

Data, or not data

Slide 34

Slide 34 text

Webhook handlers should answer rapidly (HANDLER)

Slide 35

Slide 35 text

Handlers should do nothing (HANDLER)

Slide 36

Slide 36 text

Enqueue calls and handling (PROVIDER, HANDLER)

Slide 37

Slide 37 text

Google Cloud Tasks

Slide 38

Slide 38 text

Keep track of non-responding handlers (PROVIDER)

Slide 39

Slide 39 text

Zzz… what if nobody calls...

Slide 40

Slide 40 text

Webhooks benefit from serverless solutions (HANDLER)

Slide 41

Slide 41 text

Cloud Functions DEMO

Slide 42

Slide 42 text

Cloud Functions, Cloud Run, App Engine

Slide 43

Slide 43 text

Google Cloud Functions

Slide 44

Slide 44 text

Summary

Slide 45

Slide 45 text

Implementing Webhooks

CLIENT
● Reply with 200
● Reply fast
● Ack reception and defer work to a worker queue
● Calls should be idempotent
● IP whitelisting
● Check request signature
● Take advantage of serverless solutions

SERVER
● Send small data payloads (re-fetch)
● Timeout if client too slow
● Retry with exponential backoff
● Keep track of non-responding handlers and delivery with a worker queue
● Batch events when too frequent
● Use a dead letter queue for auditing
● Use HTTPS for secured connections
● Sign requests with a secret
● Use proper authentication / authorization solutions
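
An added example (not from the deck) of the CLIENT checklist above: check the request signature, treat repeated deliveries idempotently, and acknowledge at once while deferring the work to a queue. The HMAC-SHA256 scheme, the `X-Signature` and `X-Delivery-Id` header names, the secret and the in-memory queue and set are assumptions for illustration; each provider documents its own.

```python
import hashlib
import hmac
import json
import queue

# Assumed scheme: the provider signs the raw body with HMAC-SHA256 over a
# shared secret, sends "sha256=<hex>" in a signature header, and tags each
# delivery with a unique id. All names and values here are constructed.
SECRET = b"constructed-shared-secret"
work_queue = queue.Queue()   # stands in for a real worker queue
seen_deliveries = set()      # stands in for a persistent dedup store


def sign(secret: bytes, body: bytes) -> str:
    """Provider side: compute the signature header value for a raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(headers: dict, body: bytes) -> int:
    """Handler side: return the HTTP status code to send back."""
    sent = headers.get("X-Signature", "")
    # Verify over the raw bytes, before parsing, with a constant-time compare.
    if not hmac.compare_digest(sent.encode(), sign(SECRET, body).encode()):
        return 401
    delivery_id = headers.get("X-Delivery-Id")
    if not delivery_id:
        return 400
    # Idempotency: a retried delivery is acknowledged but not processed twice.
    if delivery_id in seen_deliveries:
        return 200
    try:
        event = json.loads(body)
    except ValueError:
        return 400
    seen_deliveries.add(delivery_id)
    # Do nothing heavy here: enqueue for a worker and acknowledge right away.
    work_queue.put((delivery_id, event))
    return 200


if __name__ == "__main__":
    body = json.dumps({"event": "push", "ref": "refs/heads/main"}).encode()
    good = {"X-Signature": sign(SECRET, body), "X-Delivery-Id": "d-1"}
    print(handle_webhook(good, body))          # first delivery
    print(handle_webhook(good, body))          # provider retry, deduplicated
    print(handle_webhook(good, body + b" "))   # body altered after signing
    print(work_queue.qsize())
```

The signature is checked against the exact bytes received; re-serializing parsed JSON before verifying would change the bytes and break the comparison.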

Slide 46

Slide 46 text

Resources

Slide 47

Slide 47 text

Resources

● Crafting a great webhooks experience (John Sheehan)
  https://speakerdeck.com/apistrat/crafting-a-great-webhooks-experience-by-john-sheehan
● WebHooks: the definitive guide
  https://requestbin.com/blog/working-with-webhooks/
● WebHooks: The API Strikes Back (InfoQ)
  https://www.infoq.com/presentations/webhooks-api/
● Webhooks vs APIs
  https://hackernoon.com/webhook-vs-api-whats-the-difference-8d41e6661652
● What is a Webhooks push-style API & how does it work (ProgrammableWeb)
  https://www.programmableweb.com/news/what-webhooks-push-styled-api-and-how-does-it-work/analysis/The2017/03/28
● Webhooks do’s & dont’s: what we learned after integrating 100+ APIs
  https://restful.io/webhooks-dos-and-dont-s-what-we-learned-after-integrating-100-apis-d567405a3671#.s0qgt1i9p

Slide 48

Slide 48 text

Resources

● How & why Pusher adopted Webhooks
  https://www.programmableweb.com/news/what-are-webhooks-and-how-do-they-enable-real-time-web/2012/01/30
● Webhooks vs WebSub: Which Is Better For Real-Time Event Streaming?
  https://nordicapis.com/webhooks-vs-websub-which-one-is-better-to-stream-your-events-in-real-time/
● Webhooks, the devil is in the details
  https://techblog.commercetools.com/webhooks-the-devil-in-the-details-ca7f7982c24f#.u49yswnm7
● How to design a webhook for my API
  https://phalt.github.io/webhooks-in-apis/
● Serverless webhooks to revolutionize the SaaS
  https://tomasz.janczuk.org/2018/03/serverless-webhooks-to-revolutionize-the-saas.html