34 lines
1.1 KiB
Markdown
34 lines
1.1 KiB
Markdown
# 07 Webhooks Audit
|
|
|
|
Source checked: Uber Eats "Webhook" section shared by you.
|
|
|
|
## Implemented Now
|
|
|
|
- Webhook signature verification using `X-Uber-Signature`:
|
|
- HMAC SHA256 over raw request body
|
|
- key = Uber client secret
|
|
- Optional webhook Basic Auth validation if configured in `.env`.
|
|
- Retry-safe de-duplication via deterministic webhook dedupe key.
|
|
- Response behavior aligned to doc:
|
|
- return `200` with empty body on valid webhook receipt.
|
|
- Persisted webhook metadata includes:
|
|
- `event_type`
|
|
- `resource_id`
|
|
- `resource_href`
|
|
- signature and dedupe key
|
|
- Added explicit event handling for `store.menu_refresh_request`:
|
|
- mapped via `store_id`
|
|
- records latest menu refresh request metadata on `uber_connections`
|
|
- stores webhook UUID and `X-Environment` marker
|
|
|
|
## Existing Before
|
|
|
|
- Webhook endpoint already present.
|
|
- Event payload and headers persistence.
|
|
|
|
## Pending
|
|
|
|
- Per-event downstream job workers (accept/deny SLA orchestration).
|
|
- Alerting if order accept/deny not sent before timeout window.
|
|
- Full typed schema validation per webhook `event_type`.
|