Best practices

Implement these best practices when using webhooks.

Webhooks provide a powerful method to track the state of transactions and to take actions within your Fanspay account. Review these best practices to ensure your webhooks remain secure and function seamlessly with your integration.

1. Event types

Your webhook endpoints should be configured to receive only the types of events required by your integration. Listening to extra events (or all events) will put undue strain on your server and is not recommended.

2. Delivery attempts and retries

Understand how to view delivery attempts, event logs, and the retry logic when webhook events aren’t acknowledged.

3. Event handling

Handling webhook events correctly is crucial to making sure your integration’s business logic works as expected.

3.1 Handle duplicate events

Webhook endpoints might occasionally receive the same event more than once. We advise you to guard against duplicated event receipts by making your event processing idempotent. One way of doing this is logging the events you’ve processed, and then not processing already-logged events.

3.2 Order of events

Fanspay does not guarantee delivery of events in the order in which they are generated.

4. Security

Keeping your endpoints secure is critical to protecting your customers’ information. Fanspay provides several ways for you to verify events are coming from Fanspay in a secure manner.

4.1 Receive events with an HTTPS server

If you use an HTTPS URL for your webhook endpoint, Fanspay validates that the connection to your server is secure before sending your webhook data. For this to work, your server must be correctly configured to support HTTPS with a valid server certificate.

4.2 Verify events are sent from Fanspay

Verify webhook signatures to confirm that received events are sent from Fanspay.