This section describes what makes Mambu's webhooks a trusted part of every integration targeting an 100% automation.
Every notification to be sent out is recorded in the communication history. The notification is recorded with the computed version of the payload. In case of resend for the failed one the computed version of the payload will be used.
The engine backs up the delivery of the notifications with a re-try mechanism build on the exponential back-off pattern. In case of an undelivered notification the system will attempt to perform the call for 5 times at different time intervals. If threshold is reached with no success in the delivery no automatic re-try is performed. The manual on demand re-try option via the APIs can be performed for failed communications, also available for bulk resend.
The high configurability it is sourced out of:
- URL template for the call destination
- payload template which can transport static and dynamic information in any format to the destination. For the dynamic data usage is enabled by the placeholders
- support for API calls types: POST, PUT, PATCH
- support for any text representation of the data in the payload through the ContentType headers: application/json, application/xml, text/plain
We do take care of the security, so to prevent your application from being publicly exposed and potentially called by applications other than your Mambu account, we recommend the usage of a crypto noun(some secret key) as part of the payload. The secret is known by the receivers end as well.
Including this secret within each webhook your application should check that this key is the expected one before taking any action.
As always, we also highly recommend to use HTTPS(TLS v1.2) for all communications to prevent eavesdropping.
Authenticated calls are supported as long as the receivers end is geared up with an authentication layer based on Basic Auth strategy, username and password.
The target enrollment for webhooks notification is subscription based. During webhook creation time the admin can choose for OPT-IN(targets are manually subscribed to the notification) or OPT-OUT(targets are auto subscribed to the notification when the creation process is successfully completed).