Webhooks and security

Setting Up Webhooks

When using the Vumi Finlink API, you can configure a webhook to receive updates made to your applications' connections. These updates include:

• First full import of a connection.

• Manual and daily updates performed on the same connection.

• Events such as the generation of restore and update tokens for the same connection.

Configuring a webhook

To configure a webhook, go into App Settings -> App Client. There you'll find the webhook section, where you can introduce a valid URI to which we'll send webhook messages. This URI can't be pointing to localhost, and should use https.

Best Practices for Using Webhooks

Handling Duplicate and Out-of-Order Webhooks

To ensure that your application handles webhooks efficiently, it is critical to design it to handle duplicate and out-of-order webhook events. This can be achieved by

• Ensuring idempotency in the actions taken upon receiving a webhook

• Avoiding reliance on a particular order of webhook receipt when using webhooks to control application state

Ensuring Reliability and Self-Healing

Webhooks can be missed if there is downtime longer than the retry period. To mitigate this, implement the following practices:

• Allow your application to self-heal by querying our other API endpoints for status if a webhook is not received within a specified timeframe.

• Ensure that any data present in webhooks is also available through our other APIs, providing a fallback mechanism.

Simplifying Your Webhook Receiver

To increase the reliability of your webhook handling, keep your webhook receiver as simple as possible. A good practice is to design a receiver that:

• Writes the webhook to a queue or reliable store.

• Responds quickly to avoid failed deliveries.

• Minimizes the amount of processing done in the receiver to avoid being overwhelmed during spikes in webhook traffic.