Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crafting a Great Webhooks Experience
Search
John Sheehan
August 21, 2014
Technology
0
160
Crafting a Great Webhooks Experience
Presented at API Craft SF on 8/21/14
John Sheehan
August 21, 2014
Tweet
Share
More Decks by John Sheehan
See All by John Sheehan
My Favorite API Tools (Other than Runscope)
johnsheehan
0
140
Crafting a Great Webhooks Experience
johnsheehan
2
490
Glue 2015: Microservices - More than just a buzzword.
johnsheehan
2
600
Scale-Oriented Architecture with Microservices
johnsheehan
2
330
The rise of distributed applications.
johnsheehan
2
410
Zen and the Art of API Maintenance
johnsheehan
2
2.3k
Building API integrations you can live with.
johnsheehan
0
98
Free API debugging and testing tools you should know about.
johnsheehan
5
820
Modern Tools for Modern Applications
johnsheehan
1
170
Other Decks in Technology
See All in Technology
一休.comレストランにおけるRustの活用
kymmt90
3
580
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
ガバメントクラウド単独利用方式におけるIaC活用
techniczna
3
270
物価高なラスベガスでの過ごし方
zakky
0
380
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.5k
最速最小からはじめるデータプロダクト / Data Product MVP
amaotone
5
740
現地でMeet Upをやる場合の注意点 〜反省点を添えて〜
shotashiratori
0
530
【若手エンジニア応援LT会】AWS Security Hubの活用に苦労した話
kazushi_ohata
0
170
バクラクにおける可観測性向上の取り組み
yuu26
3
420
ユーザーの購買行動モデリングとその分析 / dsc-purchase-analysis
cyberagentdevelopers
PRO
2
100
AWS CodePipelineでコンテナアプリをデプロイした際に、古いイメージを自動で削除する
smt7174
1
100
わたしとトラックポイント / TrackPoint tips
masahirokawahara
1
240
Featured
See All Featured
Why Our Code Smells
bkeepers
PRO
334
57k
Fontdeck: Realign not Redesign
paulrobertlloyd
81
5.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k
Teambox: Starting and Learning
jrom
132
8.7k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
Faster Mobile Websites
deanohume
304
30k
The Art of Programming - Codeland 2020
erikaheidi
51
13k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
14
1.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Transcript
Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,
October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
"user defined callbacks made with HTTP POST" Tuesday, October 7,
14
"Webhooks are the easiest way to remotely execute code." --
Jeff Lindsay once when we were talking Tuesday, October 7, 14
HTTP Push Notifications Tuesday, October 7, 14
A Reverse API Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Tuesday, October 7, 14
Implementing Webhooks Tuesday, October 7, 14
url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,
data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14
Problem #1: Error Handling Tuesday, October 7, 14
> POST /callback < 400 Bad Request Tuesday, October 7,
14
> POST /callback < 302 Found < Location: http:// Tuesday,
October 7, 14
> POST /callback < 200 OK < Content-Type: text/plain <
<Response></Response> Tuesday, October 7, 14
Error Handling Suggestions Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Problem #2: Flooding Tuesday, October 7, 14
Tuesday, October 7, 14
Active Queues ↪ ↪ Tuesday, October 7, 14
Problem #3: Security Tuesday, October 7, 14
> POST http://localhost:3000 Tuesday, October 7, 14
> POST http://foo.lvh.me Tuesday, October 7, 14
DoS Attack Vector Tuesday, October 7, 14
Proving the Source Tuesday, October 7, 14
Validation Techniques Tuesday, October 7, 14
Key Sharing Tuesday, October 7, 14
Request Signing Tuesday, October 7, 14
Re-fetch > POST /callback > { id: 123 } >
GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14
Security Suggestions Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Developer Experience Tuesday, October 7, 14
Payload Design Tuesday, October 7, 14
Fat vs.Thin Tuesday, October 7, 14
- or - { } payload= Tuesday, October 7, 14
- or - data = JSON.loads(request.body) name = data["name"] name
= request.form.get("name") Tuesday, October 7, 14
payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,
October 7, 14
Mirror API Resources Tuesday, October 7, 14
Complete Documentation! Tuesday, October 7, 14
Tooling Tuesday, October 7, 14
Accept Multiple Callback URLs Tuesday, October 7, 14
Hooks API Tuesday, October 7, 14
Debugger & Logs Tuesday, October 7, 14
Manual Retries Tuesday, October 7, 14
Generate Test Callbacks Tuesday, October 7, 14
Tunneling Tuesday, October 7, 14
Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,
14
johnsheehan
kymmt90
cyberagentdevelopers
techniczna
zakky
sugiim
amaotone
shotashiratori
kazushi_ohata
yuu26
smt7174
masahirokawahara
bkeepers
paulrobertlloyd
philnash
jrom
scottboms
reverentgeek
mraible
deanohume
erikaheidi
eileencodes
kevinliebholz
denniskardys
![- or - data = JSON.loads(request.body) name = data["name"] name](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_44.jpg){kind=link}
![payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_45.jpg){kind=link}
