Webhook Implementation
Best Practices
Respond immediately:
- Validate signature
- Return 200/202 within 1 second
- Queue for async processing
- Process in background
Idempotency:
- Store webhook
idbefore processing - Check if already processed
- Return 200 for duplicates
Out-of-order handling:
- Use state machine
- Only allow forward progress
- Use timestamps for resolution
Fulfillment Logic
Fulfill on payment.succeeded only.
Don't fulfill on:
- Return URL callbacks (manipulatable)
- Other webhook events
Retry Mechanism
Automatic retries on failure:
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 1 minute |
| 3 | 5 minutes |
| 4 | 15 minutes |
View failed webhooks at portal-test.sweuze.com.
Testing
Local development:
ngrok http 8000
Test scenarios:
- Successful payment
- Canceled payment
- Signature validation
- Idempotency
- Retry mechanism