A webhook is a subscription that notifies your application via a callback URL when an event happens in Infinite Creator. Rather than requiring you to pull information via our API, you can use webhooks to get information on events that occur.
Notifications are delivered via HTTPS POST in JSON format to the callback URL configured ahead of time. This information can be used to update your system or trigger business processes.
Requirements
In order to receive events, you must register your webhook endpoint’s accessible URL. Registered webhook endpoints must be publicly accessible HTTPS URLs. To acknowledge the receipt of an event, you must return a successful status code (2xx).
You can connect up to 10 webhook endpoints.
We strongly recommend verifying the signature of all webhook events. To learn more, visit
Security.
Delivery behaviors
Retries
If a successful status code is not returned, Infinite Creator assumes that the delivery was unsuccessful. Infinite Creator retries the delivery of event notification for up to 72 hours using exponential backoff. After that deadline, the notification is discarded and not sent again.
Event ordering
We don’t guarantee the delivery of events in the order that they’re generated. Make sure that your event destination isn’t dependent on receiving events in a specific order.
Checklist
Return 2xx
Upon receiving a webhook event, quickly respond with a successful status code (2xx) to acknowledge the receipt of the event notification prior to any complex logic that could cause a timeout.
Requests to your webhook endpoint will time out if they are not acknowledged within 10 seconds.
Handle duplicate events
We make a best effort for “at least once delivery” of webhooks. Webhook endpoints might receive the same event more than once. There should be a guard against duplicated event receipts by making your event processing idempotent.
Deduplicate events by logging the id key of the event.
Exempt from CSRF protection
If you’re using Rails, Django, or another web framework, your site might automatically check that every POST request contains a CSRF token. This is an important security feature that helps protect you and your users from cross-site request forgery attempts. However, this security measure might also prevent your site from processing legitimate events. If so, you might need to exempt the webhooks route from CSRF protection.
Receive events with an HTTPS server
If you use an HTTPS URL for your webhook endpoint, we validate that the connection to your server is secure before sending your webhook data. For this to work, your server must be correctly configured to support HTTPS with a valid server certificate.
Handle events asynchronously
Configure your handler to process incoming events with an asynchronous queue. You might encounter scalability issues if you choose to process events synchronously. Any large spike in webhook deliveries might overwhelm your endpoint hosts.
Asynchronous queues allow you to process the concurrent events at a rate your system can support.