What are Outbound Webhooks?
Outbound webhooks are a mechanism that allows Community to send HTTP requests to external systems based on events that occur within our platform. These external systems can include customer-owned servers or serverless functions like AWS Lambda. Outbound webhooks facilitate custom integrations by relaying event data (e.g., member updates, inbound messages) to third-party systems, enabling automated bot logic, communication workflows, and other external actions.
What problems are we solving with this feature?
The introduction of outbound webhooks addresses the challenge of creating one-off bot solutions that previously required significant engineering overhead. With outbound webhooks, we delegate custom logic to the periphery of our system, enabling faster, more flexible integrations without impacting the core architecture. This reduces engineering effort, improves scalability, and allows us to say “yes” to more business opportunities that require custom bot solutions or integrations.
What are some use cases for Outbound Webhooks?
-
Bot Solutions: Webhooks can be used to receive inbound messages, process them through keyword matching, and send relevant responses (e.g., sending activation codes or adding members to sub-communities).
-
Error Reporting: Outbound webhooks can generate error reports for asynchronous inbound requests, giving customers better visibility into system issues without relying on support.
-
Streaming Data: Webhooks can be used to stream member updates, eliminating the need for third-party services like Zapier.
How do we measure the success of this feature?
Success will be measured by our ability to reduce engineering overhead while increasing the number of business opportunities we can embrace. Metrics of success include:
-
The number of custom integrations that can be implemented using outbound webhooks.
-
The frequency of successfully saying “yes” to new custom bot projects without delaying other core feature developments.
How do outbound webhooks work?
Outbound webhooks operate by configuring HTTP requests that are triggered by specific events. These events could include inbound messages, sub-community membership updates, or error reports. The requests are sent to external systems, allowing those systems to perform custom actions such as sending a message, updating a database, or triggering a bot response.
What infrastructure supports outbound webhooks?
The feature is powered by two services:
-
outbound_webhooks_consumer: Consumes entity and message events and creates webhook requests based on predefined configurations.
-
outbound_webhooks_gateway: Handles the actual HTTP requests, retries failed attempts with exponential backoff, and publishes events to track the success or failure of each webhook request.
How do we ensure security?
Security is a priority for outbound webhooks. Each webhook request payload is signed using HMAC with the SHA-256 hashing function. A signing secret is generated during webhook creation and stored securely in a vault. Additionally, headers that contain sensitive information, such as API keys, are also stored securely in vaults and fetched on-demand.
What is the difference between API Auth Tokens and Outbound Webhooks?
-
Purpose:
-
Outbound Webhooks: These allow automatic HTTP requests to external systems based on internal events (e.g., new messages or member updates). They enable two-way communication with third-party systems for custom workflows like bot responses or data updates.
-
API Authentication Tokens: These tokens provide a simpler way for external systems to authenticate with Community’s API. They replace the more complex OAuth 2.0 process, allowing users to securely access and interact with Community’s platform.
-
-
Interaction:
-
Outbound Webhooks: Triggered by specific events, they send data out to external systems in real-time to facilitate automated actions.
-
API Authentication Tokens: Used when an external system needs to access Community’s API, tokens authenticate requests, ensuring authorized actions can be performed (e.g., fetching data).
-
In summary, outbound webhooks handle event-based external actions, while API authentication tokens manage secure access to Community’s API for external systems.