UBER-EATS-Wrapper/docs/developer-portal/07-webhooks-audit.md

07 Webhooks Audit

Source checked: Uber Eats "Webhook" section shared by you.

Implemented Now

  • Webhook signature verification using X-Uber-Signature:
    • HMAC SHA256 over raw request body
    • key = Uber client secret
  • Optional webhook Basic Auth validation if configured in .env.
  • Retry-safe de-duplication via deterministic webhook dedupe key.
  • Response behavior aligned to doc:
    • return 200 with empty body on valid webhook receipt.
  • Persisted webhook metadata includes:
    • event_type
    • resource_id
    • resource_href
    • signature and dedupe key
  • Added explicit event handling for store.menu_refresh_request:
    • mapped via store_id
    • records latest menu refresh request metadata on uber_connections
    • stores webhook UUID and X-Environment marker
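A sketch of the signature check and retry de-duplication listed above, as an added example and not the wrapper's own code. Assumptions: the header carries the hex digest, the dedupe key is a SHA-256 of the raw body, and a failed check is answered with 401; the function names and the in-memory `seen` store are hypothetical.

```python
import hashlib
import hmac
import json
from typing import Optional


def sign(raw_body: bytes, client_secret: str) -> str:
    """HMAC SHA256 over the raw request body, keyed with the Uber client secret."""
    return hmac.new(client_secret.encode(), raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, header_sig: Optional[str], client_secret: str) -> bool:
    """Constant-time comparison of X-Uber-Signature against the expected digest."""
    if not header_sig:
        return False
    expected = sign(raw_body, client_secret).encode()
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
    return hmac.compare_digest(expected, header_sig.strip().lower().encode("utf-8"))


def dedupe_key(raw_body: bytes) -> str:
    """Deterministic key: a retry of the same delivery hashes to the same value (assumed scheme)."""
    return hashlib.sha256(raw_body).hexdigest()


def handle_webhook(raw_body: bytes, headers: dict, client_secret: str, seen: set):
    """Return (status, processed). The body must be the bytes as received, not re-serialized JSON."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(raw_body, lowered.get("x-uber-signature"), client_secret):
        return 401, False  # assumed status for a rejected delivery
    key = dedupe_key(raw_body)
    if key in seen:
        return 200, False  # retry: acknowledge with 200, do not process again
    seen.add(key)
    event = json.loads(raw_body)  # parse only after the signature has been verified
    _ = event.get("event_type"), event.get("resource_id"), event.get("resource_href")
    return 200, True


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed sample value
    body = b'{"event_type": "store.menu_refresh_request",  "resource_id": "abc"}'
    seen_keys: set = set()
    hdrs = {"X-Uber-Signature": sign(body, secret)}
    print(handle_webhook(body, hdrs, secret, seen_keys))  # first delivery
    print(handle_webhook(body, hdrs, secret, seen_keys))  # retried delivery
```

Verifying over a parsed and re-serialized body is the usual failure here: whitespace or key-order changes alter the bytes and the digest no longer matches.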

Existing Before

  • Webhook endpoint already present.
  • Event payload and headers persistence.

Pending

  • Per-event downstream job workers (accept/deny SLA orchestration).
  • Alerting if order accept/deny not sent before timeout window.
  • Full typed schema validation per webhook event_type.