Core responsibilities
Your webhook endpoint should:
- Receive HTTP POST requests from Pocketsflow.
- Verify that each request is genuine using signatures.
- Parse the JSON payload.
- Process the event in an idempotent way (handle duplicates safely).
- Respond with a 2xx status code when processing succeeds.
Idempotency
Your code should be safe to run more than once with the same event. Typical approach:
- Each event has a unique ID.
- Before processing, check whether you’ve already seen that ID.
- If yes, skip; if no, record it and proceed.
This protects against:
- Retries during transient errors.
- Bugs that cause the same event to be delivered twice.
Handling retries
If your endpoint returns a non-2xx status or times out:
- Pocketsflow may retry delivery for a period of time.
- Keep your webhook handler fast—offload heavy work to background jobs or queues.
- Return a 2xx status only after you’ve safely recorded the event.
Error handling
Plan for:
- Invalid payloads.
- Internal service outages.
- Temporary connectivity issues.
- Log errors with enough context to debug later (event ID, type, and timestamp).
- Consider monitoring or alerting when your error rate exceeds a threshold.
Example flow
Regardless of language, the pseudocode usually looks like:
- Read the raw request body.
- Verify the signature using your signing secret.
- Parse JSON into an event object.
- Check if the event’s ID has already been processed.
- If not:
  - Route based on event.type (for example, order.created, subscription.canceled).
  - Perform the relevant action (update database, send message, etc.).
  - Mark the event ID as processed.
- Return HTTP 200.
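The flow above as a framework-free Python sketch. This is an added example, not Pocketsflow's own code. It assumes a hex HMAC-SHA256 signature over the raw body and top-level `id` and `type` fields; the 401/400 status codes, `EventStore` and the list-based queue are hypothetical stand-ins.

```python
import hashlib
import hmac
import json


def verify_signature(raw_body: bytes, signature_hex: str, secret: bytes) -> bool:
    # Assumption: hex HMAC-SHA256 of the raw body; confirm the real scheme
    # and header name in the provider's documentation.
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), (signature_hex or "").encode())


class EventStore:
    """In-memory stand-in for a table with a UNIQUE constraint on event ID."""

    def __init__(self):
        self._seen = set()

    def claim(self, event_id: str) -> bool:
        """Record the ID; return False if it was already recorded."""
        if event_id in self._seen:
            return False
        self._seen.add(event_id)
        return True


def handle_webhook(raw_body, signature_hex, secret, store, queue):
    """Return the HTTP status code the endpoint should send."""
    # 1. Verify against the raw bytes, before any parsing.
    if not verify_signature(raw_body, signature_hex, secret):
        return 401
    # 2. Parse only authenticated input; reject malformed payloads.
    try:
        event = json.loads(raw_body)
        event_id, event_type = event["id"], event["type"]
    except (ValueError, KeyError, TypeError):
        return 400
    if not isinstance(event_id, str):
        return 400
    # 3. Idempotency: a duplicate delivery is acknowledged, not reprocessed.
    if not store.claim(event_id):
        return 200
    # 4. Offload the work; a background worker routes on event_type.
    queue.append((event_type, event))
    return 200
```

In production the `claim` step should be a single atomic insert so that two concurrent deliveries of the same event cannot both pass the check.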