Webhooks and security
Our API supports asynchronous workflows through the configuration of webhooks. We recommend implementing them for a smoother experience!
Setting Up Webhooks
When using the Vumi Finlink API, you can configure a webhook to receive updates made to your applications' connections. These updates include:
First full import of a connection.
Manual and daily updates performed on the same connection.
Events such as the generation of restore and update tokens for the same connection.
Configuring a webhook
To configure a webhook, go into App Settings -> App Client. There you'll find the webhook section, where you can introduce a valid URI to which we'll send webhook messages. This URI can't be pointing to localhost, and should use https.
Best Practices for Using Webhooks
Handling Duplicate and Out-of-Order Webhooks
To ensure that your application handles webhooks efficiently, it is critical to design it to handle duplicate and out-of-order webhook events. This can be achieved by
Ensuring idempotency in the actions taken upon receiving a webhook
Avoiding reliance on a particular order of webhook receipt when using webhooks to control application state
Ensuring Reliability and Self-Healing
Webhooks can be missed if there is downtime longer than the retry period. To mitigate this, implement the following practices:
Allow your application to self-heal by querying our other API endpoints for status if a webhook is not received within a specified timeframe.
Ensure that any data present in webhooks is also available through our other APIs, providing a fallback mechanism.
Simplifying Your Webhook Receiver
To increase the reliability of your webhook handling, keep your webhook receiver as simple as possible. A good practice is to design a receiver that:
Writes the webhook to a queue or reliable store.
Responds quickly to avoid failed deliveries.
Minimizes the amount of processing done in the receiver to avoid being overwhelmed during spikes in webhook traffic.
Last updated