Prototype Released
Pranit Bauva
Excited to launch the prototype for Webhooks as a Service. We help technology companies in managing their webhook infrastructure. Our goal is to help companies become worry-free without investing significant engineering time in building and managing their webhook infrastructure, while we work hard to provide great security, reliability, observability, monitoring, alerts, rate limiting and circuit breaking.
We spoke with technology companies which utilise webhooks to understand their concerns and problems, we found out there are three major issues:
- Security: Webhook endpoints are exposed to the public internet which makes them vulnerable to spoofing, replay and man-in-the-middle attacks. We address these concerns by offering a set of fixed static IPs and enabling HMAC signatures so that the receiver can verify that the payload originated from the appropriate source. Each endpoint has a signature secret which is used to compute the HMAC signature along with a timestamp. For our enterprise plans, we offer dedicated IP addresses.
- Reliability: There are times when deployments go wrong either by the sender or by the receiver and a particular version introduces an edge case which makes systems inconsistent forever. It can often take days for corrective deployments. Automatic retries must make sure to keep trying for at least a few days. A functionality to manually retry a set of failed webhooks through a button is also essential in case all automatic retries are exhausted.
- Observability & Alerting: When deployments go down, it is essential to see what exactly happened to reproduce the problem so as to fix it which is why we offer full visibility into all request/response headers, body and status code for all attempts. Setting up alerts can also enable pro-active identification and mitigation of problems.
You can customize whether you want to use the default retry schedule which we recommend or you want to use exponential/constant by tweaking the parameters while creating a send webhook app.
Once a send webhook app is created along with the API Key, here is how you can start sending webhooks:
curl --request POST \
--url https://api.prototype.nirah.app/v1/webhook/send/create \
--header 'Authorization: Bearer NH.KiN5mo5BaGcDkypaqnKJTmyzk7Du9aXi09D6wkYRm1ocx5OI.wOnmTstfwQUvvPPQJM7vYJcdGwYThhThHG38rZ8JrY399IdqY4wozdbrZ95VnK' \
--header 'Content-Type: application/json' \
--data '{
"sendWebhookAppID": "e82c668d-99d9-4f72-b922-66e44dee911f",
"endpoints": [
"https://webhook.site/b8dd6697-bd14-4268-92aa-b11440d4e26e"
],
"method": "POST",
"body": {"nirah":"Webhooks as a Service"},
"headers": {
"X-Custom-Header": "custom-valueABC"
}
}'On visiting the specific send webhook app detail page, one gets to see all the webhooks sent which are associated with it.
For all the webhooks sent, we also list all the attempts failed/succeeded along with details like the request/response body & headers.
Checkout our getting started guide which shows you how to set it up and start sending webhooks within 15 mins.
The docs are put up as well and will be continuously improved. We appreciate your efforts to point out things which are yet unclear to contact <at> nirah.app .
Here is a video demo of the product:
Note: This prototype has ephemeral data and SHOULD NOT BE USED IN PRODUCTION. We will be making a production release sometime soon.