Skip to content

Author a webhook integration and signature-verification guide for subscribers in docs/webhook-integration-guide.md #884

Description

@1nonlypiece

📌 Description

The backend ships webhook delivery with HMAC signing, timestamp/nonce replay
protection, schema versioning, and a dead-letter store, but there is no
consumer-facing guide explaining how an external integrator should verify
signatures, handle retries, and process events idempotently
. docs/webhooks.md
covers the internal design; subscribers need an integration handbook.

This issue authors a subscriber-facing webhook integration guide.

🎯 Requirements and Context

  • Document the signature scheme (HMAC algorithm, signed payload, timestamp and
    nonce headers) with a verified pseudocode/example verifier.
  • Document retry/backoff behaviour, dead-lettering, and how to use the replay and
    test-ping endpoints.
  • Document event schema versioning and content negotiation.
  • Include an idempotent-consumer pattern using the delivered event id.

🛠️ Suggested Execution

1. Fork the repo and create a branch

git checkout -b docs/webhook-integration-guide

2. Implement changes

  • Author docs/webhook-integration-guide.md, cross-linking docs/webhooks.md.
  • Add src/tests/docs.webhookGuide.test.ts asserting the doc exists and documents
    the current signature header names and schema versions (guards against drift).

3. Test and commit

  • Run: npm test -- src/tests/docs.webhookGuide.test.ts
  • Cover edge cases: header names match implementation, example verifier matches
    the signing algorithm, schema-version list current.

Example commit message

docs: subscriber-facing webhook integration and signature-verification guide

✅ Guidelines

  • Minimum 95% test coverage on any helper/assertion code added.
  • Doc must match the implemented signing/headers exactly.
  • Timeframe: 96 hours.

🏷️ Labels

type-documentation · area-backend · MAYBE REWARDED · GRANTFOX OSS · OFFICIAL CAMPAIGN

💬 Community & Support

  • Join the contributor Discord to coordinate, ask questions, and get unblocked fast: https://discord.gg/xvNAvMJf
  • Please introduce yourself in the channel before you start so we can avoid duplicate work, pair you with a reviewer, and get your PR merged quickly.
  • Maintainers actively triage this channel and aim for fast, clear, respectful reviews — reach out any time you're blocked.

Metadata

Metadata

Assignees

Labels

Type

Fields

No fields configured for Task.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions