all Technical posts

Responsibilities of Webhook Publishers

In order to establish a solid communication through webhooks, both the publishers and the consumers have to respect their responsibilities. This blog post touches upon the responsibilities of the webhook publisher.

Codit team
15 January 2019

Reliability

As a webhook publisher, you cannot guarantee a continuously stable network connectivity or a consumer with a 100% guaranteed uptime.  Therefore, it’s important to send out the webhooks in an asynchronous fashion and not inline into the process.  An asynchronous implementation must foresee a decent level of automatic retry policies, preferably with an exponential back off.  One could implement a fall-back protocol (e.g. a queue), in case the webhook delivery fails.  Enabling notifications on failure is also helpful, to alert the webhook consumer through different communication channels.

Security

Needless to say that all communication must go through encrypted channels, so via HTTPS.  Next to that, it’s a responsibility to give the webhook consumer a way to identify that the event originates from your system.  A really good and simple approach to this, is allowing the webhook consumer to provide a shared secret during webhook registration.  That secret is used by the webhook publisher to compute hash-based message authentication code, which is added to the HTTP headers.  This gives the consumer the ability to verify the authenticity of the message and to validate message integrity.  A good example can be found here.

Endpoint validation

At the moment of webhook registration, it’s important to validate whether you can access the HTTP endpoint.  If not, it’s advised to return a clear error message to the webhook consumer.  Once the registration is successful, one could continuously validate the availability of the consumer.  This could be done by implementing some kind of heartbeat functionality, every x minutes.  In case of unavailability, you can fire notifications to inform the webhook consumer or even unregister the consumer after a long period of inactivity.  In case you implement such a heartbeat, it’s important to clearly document this, so the webhook consumer knows what to expect.

These are the main responsibilities you have as a webhook publisher.  If you can provide visibility on top of that, you really drive fast adoption of your webhooks.

Cheers!
Toon

Subscribe to our RSS feed

Related articles

An Introduction to Webhooks

Webhooks offer a simple and fast way to spin up processes, fired from events. In this blog post we'll take a look at what webhooks actually are.

Design Considerations for Webhooks

When you need to design a webhook infrastructure yourself, there are some considerations you need to make. This blog post discusses the most important ones.

Consuming Webhooks with Logic Apps

This blog post shows an example of how Logic Apps can be used to react to webhook events.

Send blog to my inbox

Invalid email address

Submit

Thanks, we've sent the link to your inbox

Invalid email address

Submit

Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Invalid email address

Submit

Great you’re on the list!