Tweet
Tweet

Slide 1

Slide 1 text

The Wonderful World of Webhooks & Event-Driven APIs Yos Riady yos.io goo.gl/YmlmU6

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

The Perils of Polling The Why and What of Webhooks Background Webhooks Examples Best Practices Conclusion The How and some real-life applications Summary and further learning How to do webhooks well

Slide 5

Slide 5 text

The Perils of Polling

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

book pls How APIs work GET /books/1

Slide 8

Slide 8 text

here you go! How APIs work

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

1.5% The percentage of polling requests that are actionable :(

Slide 11

Slide 11 text

Polling is a hack. and you should be sad :(

Slide 12

Slide 12 text

The Perils of Polling The Why and What of Webhooks Background Webhooks Examples Best Practices Conclusion The How and some real-life applications Summary and further learning How to do webhooks well

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

What is a webhook?

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

check this out How Webhooks work

Slide 17

Slide 17 text

{ "id": "evt_19lV34GiPuIq2Ki5UbuHx0fz", "created": 1486697174, "data": { “title”: “Webhook Design 101” “author”: {} }, "type": "book.published" }

Slide 18

Slide 18 text

thanks! How Webhooks work 200 OK

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

Don’t call me. I’ll call you.

Slide 21

Slide 21 text

No content

Slide 22

Slide 22 text

Webhooks in the wild

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

Reasons to use Webhooks

Slide 26

Slide 26 text

Why use Webhooks #1: Performance Webhooks are 66 times more efficient than traditional polling. Only 1.5% of polls were actionable. With webhooks, the value is expected to be near 100%. ● Reduce server load ○ Decreases the number of servers you need ○ Increases the number of clients you can support ○ Save on server costs ● Drop bandwidth usage by orders of magnitude

Slide 27

Slide 27 text

Why use Webhooks #2: User Experience ● A smarter, more idiomatic solution to real-time ○ As opposed to polling every n-minute intervals ○ Industry best practice ● Improved developer experience ○ Over 80% of developers prefer webhooks compared to polling ○ Spend less time on the quirks of polling

Slide 28

Slide 28 text

The Perils of Polling The Why and What of Webhooks Background Webhooks Examples Best Practices Conclusion The How and some real-life applications Summary and further learning How to do webhooks well

Slide 29

Slide 29 text

Webhook Design 101 Provider makes an HTTP POST request when an event happens Notifications Consumer registers a webhook URL with the provider Subscriptions Consumer sets up a server to listen / consume webhook events Setup

Slide 30

Slide 30 text

What’s in an event? ● Event name ○ follows a noun.verb convention ● Event payload ○ Should match your API resource ● ID { "id": "evt_19lV", "created": 1486697174, "data": { “title”: “Webhook Design 101” “author”: {} }, "type": "book.published" }

Slide 31

Slide 31 text

Webhook Event Naming Convention namespace.noun.verb ● account.updated ● charge.succeeded ● billing.subscription.cancelled ● ping

Slide 32

Slide 32 text

Subscriptions API

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

Event Dispatch & Delivery In your Application code 1. An event is triggered somewhere in your system 2. Insert a task to deliver hooks for the event and user (async) 3. Continues execution as per normal Event Delivery Task A. Look up any existing subscriptions for the particular event and user B. Loop over existing subscriptions and POST the payload C. Perform any cleanup, failure, or retry logic

Slide 35

Slide 35 text

For scalability, use a proper queue

Slide 36

Slide 36 text

The Perils of Polling The Why and What of Webhooks Background Webhooks Examples Best Practices Conclusion The How and some real-life applications Summary and further learning How to do webhooks well

Slide 37

Slide 37 text

Best Practice #1: Event Types

Slide 38

Slide 38 text

Best Practice #2: Multiple Webhook URLs

Slide 39

Slide 39 text

Best Practice #3: Security ● Use HTTPS ○ prevents man-in-the-middle snooping ● IP whitelisting ○ for consumers to verify the event source ● Send a shared secret with the outgoing payload ○ Basic Auth ○ for consumers to verify the authenticity of the event source ○ X-Mandrill-Signature ● Verify an Event using its ID ○ for consumers can verify an event with the provider ○ Providers expose an Events API

Slide 40

Slide 40 text

Best Practice #4: HTTP Responses and Retries ● Event handlers should be idempotent ○ Delivery is guaranteed ‘at least once’ ● Return 2xx To acknowledge receipt of a webhook event ○ All other status codes will indicate that the event was not received ● Non-received events should be resent ○ Stripe will resend events every hour for 3 days until it’s received ○ Exponential backoff ○ Support manual triggers

Slide 41

Slide 41 text

Best Practice #5: Documentation Webhook subscription and the each event type should be well-documented.

Slide 42

Slide 42 text

Best Practice #6: Performance

Slide 43

Slide 43 text

The Perils of Polling The Why and What of Webhooks Background Webhooks Examples Best Practices Conclusion The How and some real-life applications Summary and further learning How to do webhooks well

Slide 44

Slide 44 text

Summary ● Software is becoming increasingly interconnected ● The problems with traditional polling ● What webhooks are and why we use them ● How to do webhooks well

Slide 45

Slide 45 text

Thanks Yos Riady yos.io

Slide 46

Slide 46 text

Questions? Yos Riady yos.io