0

We have implemented a webhook receiver in PHP with Apache and it normally works fine. But when the server gets very busy, Apache takes long to complete the request and the webhook goes into retry mode. From there is just escalates. Each time the payload is bigger and the response longer. We send the response once we have verified the security, so we only process the payload after we sent the response.I have even tried to just respond immediately without verifying the security once the first response was toot long, but it still takes too long. it seems that the time it takes just to recieve the payload is too long.
And once it happened 3 times there is no recovery. I have to delete the webhook in XERO and set it up again.

So, is there a way to let XERO know what is the last event we received, so that it does not keep on sending events that we already processed?

Or is there a better way to implement a webhook receiver? Maybe node.js, Python, C++, Go? Which is the fastest and most reliable?

Thanks Andre

Tried to send response before payload is processed

AndreT
  • 11
  • 3

1 Answers1

0

There are a number of steps you can take to ensure that your server responds correctly.

The first is to use two separate processes to handle webhooks. The first process logs the payloads received and responds with the correct code. The second process uses the log to perform whatever actions you require triggered from the webhook. This ensures that any delays on the second part, don't cause a delay in your response.

Another step would be to log the EventSequence numbers in each payload. This will allow you to see if Xero is retrying the events, and signal that there was an error in responding to the previous payload.

sallyhornet
  • 364
  • 2
  • At the moment we send the response as soon as we verified the signature. Only after we sent the response, we process to process the payload, so i don't know if logging the payload will make any difference, but I will try it. Thanks – AndreT Jan 06 '23 at 12:21
  • So if XERO sends duplicates and I respond with an error, won't it just continue to resend the same set of events again? – AndreT Jan 06 '23 at 12:23
  • You should only respond with an error if the signature is incorrect or there is another problem with the data. You would need to accept the payload and then add in a check for duplicates after receiving the payload so that you don't process them – sallyhornet Jan 09 '23 at 08:40
  • Ok, but that won't solve my problem as the webserver takes more than 5 seconds to receive and save the payload when the payload is big and the server is very busy. I think the problem is that apache gets too busy and cannot process the webhook request from XERO in time. Maybe I should give Apache more threads or I need a totally different process to do the webhook requests that are independent of Apache or even on a different server. – AndreT Jan 10 '23 at 11:22
  • It would also be nice to be able to send XERO the EventSequence of the last event received so that XERO can just send the new ones from there. – AndreT Jan 10 '23 at 11:24