Webhooks and security

Our API supports asynchronous workflows through the configuration of webhooks. We recommend implementing them for a smoother experience!


Setting Up Webhooks

When using the Vumi Finlink API, you can configure a webhook to receive updates made to your applications' connections. These updates include:

  • First full import of a connection.

  • Manual and daily updates performed on the same connection.

  • Events such as the generation of restore and update tokens for the same connection.

Configuring a webhook

To configure a webhook, go into App Settings -> App Client. There you'll find the webhook section, where you can introduce a valid URI to which we'll send webhook messages. This URI can't be pointing to localhost, and should use https.

Best Practices for Using Webhooks

Handling Duplicate and Out-of-Order Webhooks

To ensure that your application handles webhooks efficiently, it is critical to design it to handle duplicate and out-of-order webhook events. This can be achieved by

  • Ensuring idempotency in the actions taken upon receiving a webhook

  • Avoiding reliance on a particular order of webhook receipt when using webhooks to control application state

Ensuring Reliability and Self-Healing

Webhooks can be missed if there is downtime longer than the retry period. To mitigate this, implement the following practices:

  • Allow your application to self-heal by querying our other API endpoints for status if a webhook is not received within a specified timeframe.

  • Ensure that any data present in webhooks is also available through our other APIs, providing a fallback mechanism.

Simplifying Your Webhook Receiver

To increase the reliability of your webhook handling, keep your webhook receiver as simple as possible. A good practice is to design a receiver that:

  • Writes the webhook to a queue or reliable store.

  • Responds quickly to avoid failed deliveries.

  • Minimizes the amount of processing done in the receiver to avoid being overwhelmed during spikes in webhook traffic.

Last updated