API Design Review - Webhooks v2
AI Summary
Review session for the new webhook API design. Current webhook system has reliability issues and limited event types.
The v2 design introduces: 1) Event payload versioning, 2) Retry with exponential backoff, 3) Webhook signature verification (HMAC-SHA256), 4) Event filtering by type at registration time.
John walked through the OpenAPI spec. The team suggested adding a "test webhook" endpoint that sends a sample payload - very useful for customers debugging their integrations.
Discussion about backwards compatibility: v1 webhooks will continue to work for 6 months after v2 launch, with deprecation warnings. This gives customers time to migrate.
Event types to support at launch: task.created, task.updated, task.deleted, meeting.processed, comment.added. More events can be added post-launch based on demand.
Documentation will include code samples in Python, Node.js, and Go.
Key Points
- Webhooks v2: event versioning, retry with backoff, HMAC signatures, type filtering
- New feature: 'test webhook' endpoint for debugging
- Backwards compatibility: v1 supported for 6 months post-launch
- Initial events: task.*, meeting.processed, comment.added
- Documentation: code samples in Python, Node.js, Go
Suggested Tasks2 items
Finalize webhooks v2 OpenAPI specification
Assignee: John Martinez
Implement HMAC signature verification
Assignee: Mike Thompson