How to check if a push endpoint is still valid? - web-push

I have successfully implemented HTML5 Push Notifications for my site, for news updates and user events. If an endpoint is no longer valid (for whatever reason, but generally because a user revoked permission in their browser) I get a 404 or 410 status from the push server when I try to send a notification. Then I remove that endpoint from my records.
But what I would like is to be a little more proactive and check if an endpoint is valid, so my stats of subscribed users are more realistic and are not updated only when a notification fails to send (which could take days or weeks).
I thought of sending an invalid push message (for example with the wrong VAPID keys) but I don't have the guarantee that a server would check the validity of the endpoint before the validity of the payload, so even if this worked it could break at any moment.
Is there any more elegant way that I could do this?

Related

How to process payment on the backend side using Stripe?

I am new to Stripe and payments in general. I've found a few articles on the internet with examples and guidelines, e.g. this one. As I noticed, the algorithm for creating the payment looks like this:
Client app fetches the publishable Stripe key from the server
Server application creates the checkout session, client app fetches the checkout session id using retrieved publishable key
Client app redirects to checkout
User finishes the payment and is redirected back to the client app
Please correct me if I'm wrong. In general I don't understand one thing - how does the server application know whether the payment completed successfully or not? Should I redirect the flow from Stripe checkout to the backend first, process the result and then from the backend call the frontend again? Or should I somehow use the checkout session to check whether it has been completed? Shall I use some kind of cron then to process pending checkout sessions? Thanks in advance for any help. Regards
Basically, what you lay out is viable. You can check the Session status when the client is directed back to your server, but you will want to check this status at least one other way, either via a webhook or the cron job you mention.
Should I redirect the flow from Stripe checkout to the backend first, process the result and then from the backend call the frontend again?
This is possible. Stripe allows you to add the {CHECKOUT_SESSION_ID} template parameter to your Checkout's success URL. When the user is redirected after their checkout, that template will be replaced with the actual Checkout Session ID, which you can use to retrieve the Session and its status.
That being said, it is possible for a Customer to make a payment but have their connection cut out before navigating back to your page. So, if you rely on that redirect the customer will be charged but you will never know to fulfill their order. That leads to unhappy customers so Stripe typically recommends setting up a webhook endpoint on your server[2] so that they can send you a checkout.session.completed event to notify you that the customer has finished their Checkout Session. That way, even if a customer never gets to your success page, you will know to fulfill their order.
[1] https://stripe.com/docs/payments/checkout/custom-success-page#modify-success-url
[2] https://stripe.com/docs/payments/checkout/fulfill-orders
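An added example (not from the answer above and not Stripe's code) of running one fulfilment routine from both the success-page redirect and the checkout.session.completed webhook, so an order is fulfilled once whichever arrives first. The `orders` map, `retrieveSession` and the function names are hypothetical, the sample objects are constructed, and the webhook event is assumed to have been authenticated before it reaches this code.

```javascript
// Added example: `orders` stands in for a database table keyed by session id.
const orders = new Map(); // session id -> { status: "pending" | "fulfilled" }

// Runs at most once per Checkout Session, whichever path calls it first.
function fulfillOnce(session) {
  // A completed session is not always a paid one, so check the payment state.
  if (session.payment_status !== "paid") return "not_paid";
  const order = orders.get(session.id);
  if (!order) return "unknown_session"; // id we never created: do nothing
  if (order.status === "fulfilled") return "already_fulfilled";
  order.status = "fulfilled";
  return "fulfilled";
}

// Path 1: the success URL carries ?session_id={CHECKOUT_SESSION_ID}.
// Only the id is taken from the browser; the status comes from a server-side
// lookup. retrieveSession is a hypothetical wrapper around that lookup.
async function handleSuccessRedirect(query, retrieveSession) {
  if (typeof query.session_id !== "string") return "bad_request";
  const session = await retrieveSession(query.session_id);
  return session ? fulfillOnce(session) : "unknown_session";
}

// Path 2: the webhook. Assumes the event was already authenticated upstream.
// Retried deliveries of the same event hit the "already_fulfilled" branch.
function handleWebhookEvent(event) {
  if (event.type !== "checkout.session.completed") return "ignored";
  return fulfillOnce(event.data.object);
}
```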

DocuSign dynamic/multiple webhook urls

Are there any guidelines/recommendations for the webhook URL that I can use for setting up the event notifications?
I am thinking of using something like this - /webhook/v1/{uniqueAppID}. The uniqueAppID changes for every envelope, I dynamically construct the URL and set it to the EventNotification object while creating the envelope.
The unique app id is used to track the response from DocuSign, so if at all there is any issue in parsing the response, I would know for which envelope/app id I have got the notification.
I read that the system will retry delivery for failures only after a successful acknowledgement is received from the webhook. In my case, it will be like having multiple webhooks. Will this setup cause any issues in retrying the failures? Does setting up the URL like /webhook/v1?uniqueAppID={uniqueAppID} help?
Thank You
Great questions.
First up, you don't have to use any kind of endpoint/URL schemes. You could have them all go one place. The information that you get from DocuSign in the payload would allow you to know everything you need about the envelope and if you need additional information - you could make API calls to determine this.
However, I would agree that if you need this information, using different endpoints would give you greater flexibility. Also, if it's different apps, you could, in theory, deploy them separately and thus the endpoint code would change without affecting other apps.
As for retry, this is done in case DocuSign does not get a 200, 201 or other HTTP response that's positive from your web server. If DocuSign gets 401 or 500 etc. If no response is received, DocuSign would retry again in 24 hours.
That should not impact your decision about the design.
One last thing to consider, you cannot be behind a firewall/VPN etc. Highly recommend you consider a public cloud provider (Azure, AWS, Google) for your app to avoid networking issues.
When using envelope-level webhooks, the triggers and destination URI are embedded into that envelope. After the envelope enters a predefined state like 'sent' or 'completed', the writeback targets the URI that you provided. Unless you intentionally change this, it should remain envelope-specific.
This is different from our typical Connect setup, which would have a single URI per listener and envelope writebacks would be directed to the listener URI at the time they're processed.
Any subsequent failure or retry attempts would follow the standard guidelines outlined here: How to get docusign webhook to retry on failure?

Web push notifications update VAPID keys

I previously used a different push notification provider (they did not use VAPID keys) and got users subscribed to the service. Now, when I switched the push notification provider I'm in a situation where I kinda lost all previous subscribers, because they will not get the permission window again as they have already agreed to receive notifications. Is there a way to automatically update (re-subscribe?) the subscriber as he visits my webpage with a VAPID key pair so the "old" subscribers can still receive my push notifications?
Me again, I found that if you get the subscription with getSubscription() and then use the unsubscribe() function followed by another subscribe() function, you "update" the subscription and everything works without user interaction. The only real "issue" is that you can only update the subscription if the same user visits your page again.
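The getSubscription() / unsubscribe() / subscribe() sequence described in the answer above, as an added example that is not part of the original post. The function names and the sample key are assumptions, as is the choice to leave visitors without an existing subscription to the normal opt-in flow; the old endpoint is returned so the server can delete it from its records.

```javascript
// Added example, not from the original post. Names and keys are constructed.

// Decode a base64url VAPID public key into the bytes subscribe() expects.
function vapidKeyToBytes(base64url) {
  const padded = base64url + "=".repeat((4 - (base64url.length % 4)) % 4);
  const raw = atob(padded.replace(/-/g, "+").replace(/_/g, "/"));
  return Uint8Array.from(raw, (ch) => ch.charCodeAt(0));
}

function sameBytes(a, b) {
  return a.length === b.length && a.every((v, i) => v === b[i]);
}

// registration: the page's ServiceWorkerRegistration.
async function migrateSubscription(registration, vapidPublicKey) {
  const wanted = vapidKeyToBytes(vapidPublicKey);
  const current = await registration.pushManager.getSubscription();
  // No existing subscription: leave this visitor to the normal opt-in flow.
  if (!current) return { action: "none", subscription: null, staleEndpoint: null };

  // Already bound to the new key: nothing to do on later visits.
  const bound = current.options && current.options.applicationServerKey;
  if (bound && sameBytes(new Uint8Array(bound), wanted)) {
    return { action: "kept", subscription: current, staleEndpoint: null };
  }

  const staleEndpoint = current.endpoint;
  await current.unsubscribe();
  const fresh = await registration.pushManager.subscribe({
    userVisibleOnly: true,
    applicationServerKey: wanted,
  });
  // Caller sends `fresh` to the server and asks it to delete staleEndpoint.
  return { action: "replaced", subscription: fresh, staleEndpoint };
}
```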

Not receiving event notification from DocuSign API

I am using the DocuSign Rest API v2. During the envelope creation process, we send our REST API URL to receive the notifications.
The events are being properly received in our live setup. But in our local development setup we are not receiving the notifications.
For this, we have whitelisted the IP ranges mentioned in the DocuSign Page on our side.
https://trust.docusign.com/en-us/trust-certifications/ip-ranges/
But still, we are not receiving notifications to the development setup.
What else do we need to do to get this done?
Unfortunately I'm unable to respond to the original post, however I've experienced the same issue (reported here). It only appears to occur when envelopes are sent as far as I can tell, and I'm able to retrieve the status afterwards - but it's not in line with what the API guide tells us, nor what was happening previously.

In Plaid, is it possible to get a webhook notification when credentials expire or become invalid?

Use Case: A user has supplied Plaid with credentials to "amex". For some reason, that user changes their password. Plaid can no longer access Amex on behalf of the user.
Problem: I believe that right now, the information flow for bad credentials is that an error message is received when the Plaid client checks for updated information (e.g. new transactions). However, Plaid probably knows about the incorrect credentials prior to that request. Relying on a synchronous event (requesting new transactions from the PlaidAPI, e.g.) to communicate the error potentially leaves Plaid customers in a bad state.
It would be nice to see something like
"code"=>"49","message"=>"Credentials Invalid","access_token"=>"XYZAAAA"
Great point - we have been working on more far reaching webhooks for situations where credentials have changed, accounts are locked, etc. I'll keep you posted as we add this functionality.
In the meantime, you are now able to use the PATCH endpoint to update credentials for existing users. Check it out in the docs here: https://plaid.com/docs#Docs_Update_Credentials
Thanks again for the input and let me know if you have any other questions!
Carl
