31 lines
878 B
Markdown
31 lines
878 B
Markdown
# 07 Webhooks Audit
|
|
|
|
Source checked: Uber Eats "Webhook" section shared by you.
|
|
|
|
## Implemented Now
|
|
|
|
- Webhook signature verification using `X-Uber-Signature`:
|
|
- HMAC SHA256 over raw request body
|
|
- key = Uber client secret
|
|
- Optional webhook Basic Auth validation if configured in `.env`.
|
|
- Retry-safe de-duplication via deterministic webhook dedupe key.
|
|
- Response behavior aligned to doc:
|
|
- return `200` with empty body on valid webhook receipt.
|
|
- Persisted webhook metadata includes:
|
|
- `event_type`
|
|
- `resource_id`
|
|
- `resource_href`
|
|
- signature and dedupe key
|
|
|
|
## Existing Before
|
|
|
|
- Webhook endpoint already present.
|
|
- Event payload and headers persistence.
|
|
|
|
## Pending
|
|
|
|
- Per-event downstream job workers (accept/deny SLA orchestration).
|
|
- Alerting if order accept/deny not sent before timeout window.
|
|
- Full typed schema validation per webhook `event_type`.
|
|
|