Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crafting a Great Webhooks Experience

Avatar for John Sheehan John Sheehan
August 21, 2014
Technology
0
170

Crafting a Great Webhooks Experience

Presented at API Craft SF on 8/21/14
Avatar for John Sheehan

John Sheehan

August 21, 2014
Tweet

More Decks by John Sheehan

See All by John Sheehan
My Favorite API Tools (Other than Runscope)
Avatar for John Sheehan johnsheehan
0
150
Crafting a Great Webhooks Experience
Avatar for John Sheehan johnsheehan
2
510
Glue 2015: Microservices - More than just a buzzword.
Avatar for John Sheehan johnsheehan
2
670
Scale-Oriented Architecture with Microservices
Avatar for John Sheehan johnsheehan
2
330
The rise of distributed applications.
Avatar for John Sheehan johnsheehan
2
440
Zen and the Art of API Maintenance
Avatar for John Sheehan johnsheehan
2
2.4k
Building API integrations you can live with.
Avatar for John Sheehan johnsheehan
0
100
Free API debugging and testing tools you should know about.
Avatar for John Sheehan johnsheehan
5
830
Modern Tools for Modern Applications
Avatar for John Sheehan johnsheehan
1
180

Other Decks in Technology

See All in Technology
genspark_presentation.pdf
Avatar for h.uriu haruki_uiru
1
190
2025-04-14 Data & Analytics 井戸端会議 Multi tenant log platform with Iceberg
Avatar for kamijin_fanta kamijin_fanta
1
180
バクラクの認証基盤の成長と現在地 / bakuraku-authn-platform
Avatar for convto convto
4
910
テストって楽しい!開発を加速させるテストの魅力 / Testing is Fun! The Fascinating of Testing to Accelerate Development
Avatar for END aiandrox
0
160
更新系と状態
Avatar for uhyo uhyo
8
2.2k
Serverlessだからこそコードと設計にはこだわろう
Avatar for Ken'ichirou Kimura kenichirokimura
2
340
CodeRabbitと過ごした1ヶ月 ─ AIコードレビュー導入で実感したチーム開発の進化
Avatar for mitohato14 mitohato14
1
240
AIと共に乗り越える、 入社後2ヶ月の苦労と学習の軌跡
Avatar for Sai Kaneko sai_kaneko
1
200
グループ ポリシー再確認 (2)
Avatar for Murachi Akira murachiakira
0
220
LINE 購物幕後推手
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
340
250510 StepFunctionのテスト自動化始めました vol.1
Avatar for Takumi Abe east_takumi
1
140
GraphQLを活用したリアーキテクチャに対応するSLI/Oの再設計
Avatar for coconala_engineer coconala_engineer
0
200

Featured

See All Featured
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
94
13k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.2k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
233
140k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
410
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
57k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
26k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
349
20k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
41
2.3k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
693
190k

Transcript

  1. Crafting a Great Webhooks Experience John Sheehan CEO, @Runscope Tuesday,

    October 7, 14

  2. Tuesday, October 7, 14

  3. Tuesday, October 7, 14

  4. Tuesday, October 7, 14

  5. Tuesday, October 7, 14

  6. Tuesday, October 7, 14

  7. "user defined callbacks made with HTTP POST" Tuesday, October 7,

    14

  8. "Webhooks are the easiest way to remotely execute code." --

    Jeff Lindsay once when we were talking Tuesday, October 7, 14

  9. HTTP Push Notifications Tuesday, October 7, 14

  10. A Reverse API Tuesday, October 7, 14

  11. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  12. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  13. Provider makes request to URL when an event happens. Consumer

    sets up a server to listen for callbacks. Consumer registers callback URL with provider. Tuesday, October 7, 14

  14. Tuesday, October 7, 14

  15. Implementing Webhooks Tuesday, October 7, 14

  16. url = get_callback_url() data = get_webhook_payload_json() try: resp = requests.post(url,

    data=data) if not resp.ok: _logger.error(resp.content) except Exception as e: _logger.error(e) Tuesday, October 7, 14

  17. Problem #1: Error Handling Tuesday, October 7, 14

  18. > POST /callback < 400 Bad Request Tuesday, October 7,

    14

  19. > POST /callback < 302 Found < Location: http:// Tuesday,

    October 7, 14

  20. > POST /callback < 200 OK < Content-Type: text/plain <

    <Response></Response> Tuesday, October 7, 14

  21. Error Handling Suggestions Tuesday, October 7, 14

  22. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  23. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  24. Be lenient in what you accept back if you can

    reasonably guess. Retry failed callbacks with exponential back off. Decide if redirects are to be followed or not. Tuesday, October 7, 14

  25. Problem #2: Flooding Tuesday, October 7, 14

  26. Tuesday, October 7, 14

  27. Active Queues ↪ ↪ Tuesday, October 7, 14

  28. Problem #3: Security Tuesday, October 7, 14

  29. > POST http://localhost:3000 Tuesday, October 7, 14

  30. > POST http://foo.lvh.me Tuesday, October 7, 14

  31. DoS Attack Vector Tuesday, October 7, 14

  32. Proving the Source Tuesday, October 7, 14

  33. Validation Techniques Tuesday, October 7, 14

  34. Key Sharing Tuesday, October 7, 14

  35. Request Signing Tuesday, October 7, 14

  36. Re-fetch > POST /callback > { id: 123 } >

    GET /users/123 < { id: 123 } Webhook Callback App Code Tuesday, October 7, 14

  37. Security Suggestions Tuesday, October 7, 14

  38. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  39. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  40. Validate your requests. Document it well! Resolve IPs before making

    request. Consider proxying. Consider subscription validation for high-volume cases. Tuesday, October 7, 14

  41. Developer Experience Tuesday, October 7, 14

  42. Payload Design Tuesday, October 7, 14

  43. Fat vs.Thin Tuesday, October 7, 14

  44. - or - { } payload= Tuesday, October 7, 14

  45. - or - data = JSON.loads(request.body) name = data["name"] name

    = request.form.get("name") Tuesday, October 7, 14

  46. payload = request.form.get("payload") data = JSON.loads(payload) name = data["name"] Tuesday,

    October 7, 14

  47. Mirror API Resources Tuesday, October 7, 14

  48. Complete Documentation! Tuesday, October 7, 14

  49. Tooling Tuesday, October 7, 14

  50. Accept Multiple Callback URLs Tuesday, October 7, 14

  51. Hooks API Tuesday, October 7, 14

  52. Debugger & Logs Tuesday, October 7, 14

  53. Manual Retries Tuesday, October 7, 14

  54. Generate Test Callbacks Tuesday, October 7, 14

  55. Tunneling Tuesday, October 7, 14

  56. Thank you! Questions? Try Runscope free: runscope.com Tuesday, October 7,

    14