WebHooks (Security and other Ideas)

There’s been some discussion on Twitter about what people want out of our webhooks. I’d like to open up the floor: what would you like out of our webhooks? Here are some ideas that have been suggested before to get the ball rolling…

  • SSL cert pinning (you tell us what cert you’re using and we’ll only talk to that).
  • SSL only (now that Let’s Encrypt is a thing)
  • Re-Push webhooks when you add a note, or change the category.
  • An API endpoint where you can ask for the last n webhooks to be replayed.
  • Authorisation webhooks, we could actually ask you before approving transactions (maybe, lots of issues to think about here…)
4 Likes
  • webhook payload should include a signature hash :slight_smile:
1 Like
  • Let the webhook receiver respond with a kind of JSON patch. With this you could do things like “I want to automatically add the word ‘business trip’ to any txns I make in the next week.”
2 Likes

Once that’s done (and the default certificate-validation policy, in absence of user-provided constraints such as pinning, documented), the examples should be changed to https:// rather than http://, in order to not encourage users to send financial data in plaintext.

1 Like

Certificate based authentication goes both ways. Perhaps present a client certificate to the webhook receiver server, as an alternative option to signature.

Not really a webhook suggestion, but for API ideas @anon94554600, here’s mine:

  • API Endpoint for updating a feed item I’ve created. (For example with an Amazon order update it can update the feed item)
  • API Endpoint for removing a feed item I’ve created.
  • API Endpoint for listing the feed items I’ve created
  • API Endpoint for bumping up a feed item to the top of the list.

“I’ve created” just meaning from the client Id that created it.

Just a random question: I’d like to be able to bump feed items back to the top of the list. It’s a choice between removing the feed item and recreating it - saving creating another endpoint, or is it easier to update a timestamp and have it move up the list - since essentially it’s the same feed item with new content, not a new feed item?

1 Like

An authorisation webhook would be pretty sweet. Difficult to get working potentially without delaying authorisation though, I imagine.

2 Likes

Top-up notifications through the webhooks would be nice!

1 Like

Hi,

I would really like to have the authorization webhook feature. It would be good if there was a fallback option that could be set as well, so if the webhook authorization call fails then default to accept, reject, accept for under 50, etc.

Is this something that is now available? Likely to be implemented? I would be happy to test it out.

Thanks,

Matt.

I haven’t used webhooks yet but I plan to start experimenting soon. Is there currently a re-push when a transaction is settled? If not, that would be pretty useful to account for foreign transactions. Perhaps something similar for deleted or expired unsettled transactions such as the occasional <= £1 card check.

Signing of the payload.
Force https.
Signing of the payload.
Like the idea of being able to update a previously sent feed item.
Oh and signing of the payload, it’s basically a deal breaker for me using the webhook feature for anything more than triggering fetching the last transaction from the API.
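
The two receiver-side options raised in this thread, verifying a signed payload and otherwise treating the webhook only as a trigger to fetch the transaction from the API, sketched as an added example that is not part of the thread or of the service's API. The `X-Signature` and `X-Timestamp` headers, the HMAC-SHA256 scheme, the payload shape and `fetch_transaction` are all assumptions; the sample data is constructed.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 300  # assumed replay window for signed deliveries


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side of the assumed scheme: HMAC-SHA256 over b"<timestamp>.<body>"."""
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def handle_webhook(secret, headers, body, now, fetch_transaction):
    """Return (decision, transaction) for one delivery.

    headers: dict holding the hypothetical X-Signature / X-Timestamp headers.
    fetch_transaction: callable standing in for an authenticated API lookup by id.
    """
    sig, ts = headers.get("X-Signature"), headers.get("X-Timestamp")
    if sig is not None and ts is not None:
        # Signed delivery: check freshness first, then the MAC over the raw bytes.
        if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW_SECONDS:
            return ("rejected-stale", None)
        if not hmac.compare_digest(sign(secret, ts, body).encode(), sig.encode()):
            return ("rejected-bad-signature", None)
        return ("trusted-payload", json.loads(body)["data"])
    # Unsigned delivery: anyone who knows the URL could have sent it, so use only
    # the id as a hint and take every other field from the API response.
    try:
        tx_id = json.loads(body)["data"]["id"]
    except (ValueError, KeyError, TypeError):
        return ("rejected-malformed", None)
    if not isinstance(tx_id, str):
        return ("rejected-malformed", None)
    return ("refetched", fetch_transaction(tx_id))


# Constructed sample data: a stand-in API record and a forged, unsigned delivery.
API_RECORDS = {"tx_0001": {"id": "tx_0001", "amount": -350, "notes": "Active card check"}}
FORGED = json.dumps({"type": "transaction.created",
                     "data": {"id": "tx_0001", "amount": 999999}}).encode()

if __name__ == "__main__":
    print(handle_webhook(b"demo-secret", {}, FORGED, 1_700_000_000, API_RECORDS.get))
```

Stripping the signature headers from a delivery only drops it into the unsigned path, where no payload field other than the id is used.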

You guys do realise that this topic is over 3 years old right? :see_no_evil:

2 Likes

Hi Anilm3,

Yes, I normally get 3 JSON documents pushed for a single transaction: first for the authorization for the payment, then a JSON message for the coin jar with a reference to the transaction ID, and then one for the settlement, also with the transaction ID.

1 Like

Also, I get:

},"notes":"Active card check","

1 Like