Webhook Best Practices
Review these best practices to ensure your webhooks remain secure and function seamlessly with your integration.
Delivery attempts and retries
Understand how to view delivery attempts, event logs, and the retry logic when webhook events aren't acknowledged.
You can see all webhooks sent by going to the Integrations > Webhooks and clicking the Event Log button. This will show you all sent webhooks, their delivery status, and respective HTTP status codes Prefinery received.
Note: Test events (when you click on the Test button next to an endpoint) are not logged.
Prefinery attempts to deliver your webhooks for a few days with an exponential back off.
Handling webhook events correctly is crucial to making sure your integration's business logic works as expected.
Handle duplicate events
Webhook endpoints might occasionally receive the same event more than once. We advise you to guard against duplicated event receipts by making your event processing idempotent.
Order of events
Prefinery does not guarantee delivery of events in the order in which they are generated. For example, adding a user
might generate the following events:
Your endpoint should not expect delivery of these events in this order and should handle this accordingly.
Keeping your endpoints secure is critical to protecting your customers' information. Prefinery provides several ways for you to verify events are coming from Prefinery in a secure manner.
Receive events with an HTTPS server
If you use an HTTPS URL for your webhook endpoint, Prefinery will validate that the connection to your server is secure before sending your webhook data. For this to work, your server must be correctly configured to support HTTPS with a valid server certificate.
Rotate endpoint signing secret
The signing secret used for verifying that events come from Prefinery is modifiable on the Webhooks page for each project. Click Rotate secret and, after confirming this request, your existing signing secret will be immediately expired and signatures will be generated with the new secret.
Verify events are from Prefinery
Verify webhook signatures to confirm that received events are sent from Prefinery.