Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Crafting a Great Webhooks Experience
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
John Sheehan
August 21, 2014
Technology
0
210
Crafting a Great Webhooks Experience
Presented at API Craft SF on 8/21/14
John Sheehan
August 21, 2014
Tweet
Share
More Decks by John Sheehan
See All by John Sheehan
My Favorite API Tools (Other than Runscope)
johnsheehan
0
180
Crafting a Great Webhooks Experience
johnsheehan
2
550
Glue 2015: Microservices - More than just a buzzword.
johnsheehan
2
760
Scale-Oriented Architecture with Microservices
johnsheehan
2
360
The rise of distributed applications.
johnsheehan
2
480
Zen and the Art of API Maintenance
johnsheehan
2
2.5k
Building API integrations you can live with.
johnsheehan
0
140
Free API debugging and testing tools you should know about.
johnsheehan
5
860
Modern Tools for Modern Applications
johnsheehan
1
210
Other Decks in Technology
See All in Technology
AIエージェント勉強会第3回 エージェンティックAIの時代がやってきた
ymiya55
0
170
Amazon Qはアマコネで頑張っています〜 Amazon Q in Connectについて〜
yama3133
1
160
「活動」は激変する。「ベース」は変わらない ~ 4つの軸で捉える_AI時代ソフトウェア開発マネジメント
sentokun
0
130
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
77k
15年メンテしてきたdotfilesから開発トレンドを振り返る 2011 - 2026
giginet
PRO
2
240
CloudFrontのHost Header転送設定でパケットの中身はどう変わるのか?
nagisa53
1
230
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.3k
ThetaOS - A Mythical Machine comes Alive
aslander
0
220
20260326_AIDD事例紹介_ULSC.pdf
findy_eventslides
0
210
TUNA Camp 2026 京都Stage ヒューリスティックアルゴリズム入門
terryu16
0
640
昔話で振り返るAWSの歩み ~S3誕生から20年、クラウドはどう進化したのか~
nrinetcom
PRO
0
120
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
4
1.3k
Featured
See All Featured
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.2k
Side Projects
sachag
455
43k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
220
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Mind Mapping
helmedeiros
PRO
1
140
Why Our Code Smells
bkeepers
PRO
340
58k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.3k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
140
Color Theory Basics | Prateek | Gurzu
gurzu
0
270
The Curious Case for Waylosing
cassininazir
0
280
Transcript
Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,
October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
Tuesday, October 7, 14
"user defined callbacks made with HTTP POST" Tuesday, October 7,
14
"Webhooks are the easiest way to remotely execute code." --
Jeff Lindsay once when we were talking Tuesday, October 7, 14
HTTP Push Notifications Tuesday, October 7, 14
A Reverse API Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Provider makes request to URL when an event happens. Consumer
sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14
Tuesday, October 7, 14
Implementing Webhooks Tuesday, October 7, 14
url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,
data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14
Problem #1: Error Handling Tuesday, October 7, 14
> POST /callback < 400 Bad Request Tuesday, October 7,
14
> POST /callback < 302 Found < Location: http:// Tuesday,
October 7, 14
> POST /callback < 200 OK < Content-Type: text/plain <
<Response></Response> Tuesday, October 7, 14
Error Handling Suggestions Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Be lenient in what you accept back if you can
reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14
Problem #2: Flooding Tuesday, October 7, 14
Tuesday, October 7, 14
Active Queues ↪ ↪ Tuesday, October 7, 14
Problem #3: Security Tuesday, October 7, 14
> POST http://localhost:3000 Tuesday, October 7, 14
> POST http://foo.lvh.me Tuesday, October 7, 14
DoS Attack Vector Tuesday, October 7, 14
Proving the Source Tuesday, October 7, 14
Validation Techniques Tuesday, October 7, 14
Key Sharing Tuesday, October 7, 14
Request Signing Tuesday, October 7, 14
Re-fetch > POST /callback > { id: 123 } >
GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14
Security Suggestions Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Validate your requests. Document it well! Resolve IPs before making
request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14
Developer Experience Tuesday, October 7, 14
Payload Design Tuesday, October 7, 14
Fat vs.Thin Tuesday, October 7, 14
- or - { } payload= Tuesday, October 7, 14
- or - data = JSON.loads(request.body) name = data["name"] name
= request.form.get("name") Tuesday, October 7, 14
payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,
October 7, 14
Mirror API Resources Tuesday, October 7, 14
Complete Documentation! Tuesday, October 7, 14
Tooling Tuesday, October 7, 14
Accept Multiple Callback URLs Tuesday, October 7, 14
Hooks API Tuesday, October 7, 14
Debugger & Logs Tuesday, October 7, 14
Manual Retries Tuesday, October 7, 14
Generate Test Callbacks Tuesday, October 7, 14
Tunneling Tuesday, October 7, 14
Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,
14
SiteGround - Reliable hosting with speed, security, and support you can count on.
johnsheehan
ymiya55
yama3133
sentokun
cybozuinsideout
giginet
nagisa53
oracle4engineer
aslander
findy_eventslides
terryu16
nrinetcom
charlesmeaden
sachag
frankvandijk
inesmontani
maggiecrowley
rocio
helmedeiros
bkeepers
tammyeverts
jdejongh
gurzu
cassininazir
![- or - data = JSON.loads(request.body) name = data["name"] name](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_44.jpg){kind=link}
![payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,](https://files.speakerdeck.com/presentations/f61097803075013297b032228b43df58/slide_45.jpg){kind=link}
