Outgoing Webhooks

Introduction

Webhooks allow for users to be notified via HTTP request when activity takes place on potentially any piece of data in your application. Bullet Train applications include an entire user-facing UI that allows them not only to create webhook endpoints, but also see a history of their attempted deliveries and debug delivery issues.

Default Event Types

Bullet Train can deliver webhooks for any model you've added under Team. We call the model a webhook is being issued for the "subject".

An "event type" is a subject plus an action. By default, every model includes created, updated, and destroyed event types. These are easy for us to implement automatically because of Active Record Callbacks.

Custom Event Types

You can make custom event types available for subscription by adding them to config/models/webhooks/outgoing/event_types.yml. For example:

payment:
  - attempting
  - succeeded
  - failed

Once the event type is configured, you can make your code actually issue the webhook like so:

payment.generate_webhook(:succeeded)

Delivery

Webhooks are delivered asynchronously in a background job by default. If the resulting HTTP request results in a status code other than those in the 2XX series, it will be considered a failed attempt and delivery will be reattempted a number of times.

Security

Your outgoing webhook events come with a signature that your users can verify on the receiving end. More info in the Security section of the Incoming Webhooks docs

Endpoint Deactivation

Note: This feature is disabled by default.

To prevent resource waste and improve system reliability, Bullet Train can automatically deactivate webhook endpoints that consistently fail to receive deliveries. This feature helps handle situations where an endpoint URL goes down hard and stays down for an extended period.

This automatic deactivation system ensures that resources aren't wasted on persistently failing endpoints while still providing a reasonable grace period for temporary outages and recovery scenarios.

How to enable

Open config/environments/development.rb and config/environments/production.rb and set automatic_endpoint_deactivation_enabled to true:

config.outgoing_webhooks[:automatic_endpoint_deactivation_enabled] = true

Optionally configure other related settings:

  config.outgoing_webhooks[:automatic_endpoint_deactivation_settings] = {
    max_limit: 50,
    deactivation_in: 3.days
  }

How it works:

  1. Normal Operation: Webhooks are delivered normally to healthy endpoints
  2. Endpoint Failure: When an endpoint becomes unavailable, webhook deliveries begin failing
  3. Delivery Attempts: New webhook deliveries (WD1, WD2, WD3, etc.) are attempted but fail and trigger reattempts
  4. Exhaustion Tracking: After ~25 hours, WD1 exhausts its reattempts and increments the endpoint's failed deliveries counter to 1
  5. Counter Increment: As other delivery attempts become exhausted, the failed counter continues to increment
  6. Deactivation Mark: Once the counter reaches the maximum threshold (max_limit config), the endpoint transitions to the "marked for deactivation" state
  7. Grace Period: Additional deliveries may still be attempted for 3 days after the endpoint is marked for deactivation. The period can be configured with deactivation_in config.
  8. Final Deactivation: After the deactivation_in grace period (3 days by default), the next delivery attempt to become exhausted will trigger the endpoint to be deactivated.
  9. Next Deliveries: All future deliveries will be ignored and no attempt will be created. However, deliveries will still be created for debugging purposes and to ensure that the webhook was triggered.

Recovery:

If any delivery is successfully delivered before the endpoint is deactivated (indicating the endpoint URL has recovered), the system will:

  • Reset the endpoint's failed deliveries counter to 0
  • Unmark the endpoint for deactivation
  • Resume normal webhook delivery operations

Future Plans

  • Allow users to filter webhooks to be generated by a given parent model. For example, they should be able to subscribe to post.created, but only for Post objects created within a certain Project.
  • Integrate Hammerstone Refine to allow even greater configurability for filtering webhooks.