Webhooks Overview
Last updated: April 1, 2020
Webhooks are used to update an external service when an event occurs. Typically, with APIs (Application Programming Interface), a user interface, also known as a front-end, communicates with a defined back-end where the core business logic reside. Webhooks enables two or more back-ends to communicate with each other directly and exchange information. Usually, webhooks are used when an event at one service needs to update another service, but the two services are completely separate. Therefore, a service A would send a call to the specified webhook URL of service B, so that service B can perform the required action.
Meveto service will send POST HTTP request with a payload to the specified URL of your service (application), when an event occurs that is related to a user of your service. The best example is when a user is requesting a logout from your application directly from their Meveto dashboard. Meveto will send a webhook call to your app and expects a 2xx (any HTTP response code between 200 and 299 but typically 200) response, when your app receives the call. If your app fail to respond with a 2xx status, then Meveto will flag the attempt as failure.
It is strongly recommended to always acknowledge the reception of a webhook call immediately, even before starting to process it. This will ensure that a timeout issue will not cause failure of the call. For this to work, your app must rely on a queueing system. Your app should queue the task that's to be performed (like processing a user logout), and then return a 200 HTTP response right away. Your app can then run the queued task.
Exponential back-off strategy
Usually, the very first webhook call is expected to be successful. If not, then Meveto will attempt the same call again for 2 more times, and each time increasing the time between the attempts. The second attempt will be made exactly after 60 seconds of the failure of the first attempt. If the second attempt also fails, then the third and last attempt will be made after 10 minutes, or 600 seconds. If the last attempt is also failed, Meveto will notify you, by your registered email address, about the failure so that you can take swift action, and fix the issue.
Continuous webhook calls failures
Meveto is all about enabling users to take control of their online identity and remain safe. Meveto can never fulfill this obligation, without the support and help of those applications that integrate Meveto. Consider a scenario. User X forgets to logout of your application on a friend's device, or worse, on a public device. With Meveto, user X now has their peace of mind because they can, at any time, logout of your app using their Meveto dashboard. User X requests to logout of your app, and Meveto sends this call to your app via a webhook call. All hopes of user X, and their peace of mind, relies on the successful delivery and processing of the webhook call. If it fails, user X doesn't know and their account is still not logged out. This creates a very unpleasant situation, and can even lead to serious issues, such as unauthorized use of user X account on your app.
For this reason, Meveto has a strict policy when it comes to the successful delivery, and subsequent processing, of the webhook calls that we dispatch. Therefore, Meveto will suspend your application's integration in the following scenarios:
When 25% or more webhook calls fail to your application over a period of 3 days (72 hours). When 5%, or more, users of your application report an issue with your app, that is directly or indirectly related to the webhook calls, that Meveto dispatch to your application.