Webhook Testing Strategy

•Download as PPTX, PDF•

0 likes•134 views

Dimpy Adhikary

This presentation covers webhook testing strategy for microservice based application

Technology

Beyond The Callback:
Webhook Testing For Modern
Applications
By Dimpy Adhikary, Quality Analyst, Thoughtworks

Agenda
01 - Introduction to Webhook
Why/What/How
02 - Webhook Demo
Simple webhook implementation
03 - Challenges in Webhook
What can go wrong
04 - Webhook Testing Strategy
How to test a webhook based application

ECOMMERCE
Inventory Management
Use Cases
MARKETING AUTOMATION
Personalized Campaign
HEALTHCARE SERVICES
Patient Data Sharing
FINANCIAL SERVICES
Loan Application
Process
Why Webhook

ECOMMERCE
What is Webhook
Source app Payload Destination App
Event Webhook URL
Webhook is a user specified HTTP callback that get
triggered by some event to connect and share data between two applications.

How Webhook Works
Register For
The Event In
Source App
Received Data
And Taking Action In
Source App
Repeat
The Process
Waiting For
The Event In Destination
App
Setting Up The
Webhook (Callback URL)
In Source App
Event
Is triggered In
Source App

ECOMMERCE
Polling Vs Webhook
Polling Webhooks
Request origin Client Server
Trigger Client-initiated Server-initiated
Frequency Scheduled or continuous Event-driven
Efficiency Less efficient More efficient
Scalability Less scalable More scalable

$Weather Notification - Webhook Demo Prerequisite: - Python (pip install flask,requests) - Curl ● Users can subscribe to receive weather updates for specific cities. ● When the weather conditions match their preferences, a webhook is sent to the user's registered endpoint. Implementation: - sender.py - Send webhook notification - receiver.py - Listen for incoming weather notification. Simulation of the event: curl -X POST -H "Content-Type: application/json" -d '{"city": "city1", "weather": "sunny", "user_endpoints": {"city1": "http://localhost:3000/receive_weather_notification", "city2": "http://localhost:3000/receive_weather_notification"}}' http://localhost:5000/simulate_weather_update$

Challenges in Webhook
Payload
- Contract change
- Missing data
- Invalid data
Configuration
- IP white listing
- Incorrect URL/payload format
- Token expiry
- Incorrect token/credentials
- Wrong event association
- Incorrect rate limiting
Error Handling
- Unhandled errors
- No error retry
mechanism
- No error notification

Challenges in Webhook
Performance
- Slow webhook processing
- Timeout error
- Resource exhaustion
- Scalability issues
Resilience
- Availability
- Idempotence
- External dependencies
- Async communication
- Network failures
Security
- Unauthorized access
- Data breaches
- Replay attacks
- DoS attacks
Compliance
- Data privacy regulations
(GDPR)
- Financial regulations (PCI)
- Industry-specific
regulations (HIPPA)

Testing
Strategy
Functional Testing
- Configuration
- Error handling
- Integration
- User journey
Reliability Testing
- Simulating failures
- Infra testing
- Retry mechanism
- Monitoring
Performance Testing
- Load/Stress/Volume testing
Contract testing
- Payload/schema
- Consumer/provider
driven
Compliance Testing
- Data compliance
- PCI/PII
Security Testing
- OWASP top 10
- Attack simulation

Similar to Webhook Testing Strategy

- Webexpo 2010

Petr Dvorak

Service workers and their role in PWAs

Ipsha Bhidonia

Event-based APIs are becoming more popular, enabling developers to craft new integrations and solutions that go beyond the original design of an API. Yet, there remains a challenge: how can teams design thoughtful event-based APIs that are long-lasting, evolvable, and discoverable? This talk will dive into the design practices of event-based APIs, including tips for determining which protocol(s) you should select, design patterns we should apply, and anti-patterns should we avoid. We will also look at how AI and tools such as ChatGPT are starting to shape the next generation of APIs. Delivered on May 10, 2023 for the EDA Summit

Event-Based API Patterns and Practices

LaunchAny

API Security - Null meet

vinoth kumar

Magical Performance tuning with Gomez

mcsaha

To tell us more about the steps that you need to take to ensure that your applications, transactions and web pages perform well, when it matters most, under load, or at peak times, we are joined today by two experts in the field – Hari Ramachandran from Cognizant and Colin Mason from Gomez. Hari has 10 years of experience in IT industry in Software Development and Performance Management. He has lead performance testing initiatives for large mission critical applications for several Fortune 500 companies across Insurance, Banking/Finance, Travel, Retail, Manufacturing and Logistics. Hari is a Mercury LoadRunner Certified Product Consultant, and he currently heads the Non Functional Testing Center of Excellence at Cognizant. Colin is the Product Manager for Reality Load, the web load and performance testing solution at Gomez. He has 10 years of performance testing experience, and has overseen hundreds of load tests for companies all over the world. He has presented at several industry conferences, including STAR, and has authored industry-acclaimed papers on performance testing web applications. In today’s presentation Hari and Colin will discuss the challenges of delivering Web applications today, why performance testing is critical, and they will share with you their recommendations for successful performance testing. You will also learn about Gomez’s Reality Load, a new way of realistically load testing your applications from the Internet, where your customers are, so you can find and resolve more problems inside and outside the firewall than ever before.

Are You Ready For More Visitors Cognizant Gomez Jan20

Compuware APM

Pushing information is a decoupled and performance effective way to ensure interested parties have the most recent information ASAP. This session looks at reasons and technology for pushing information at various points in an enterprise architecture. Databases can push to the middle tier, the middle tier pushes to the browser and mobile app - triggered by email, chat, JMS message or CEP event and one client can push to another. The link with Event Driven Architecture is explored. HTTP Channels and Web Sockets are demonstrated as well as AJAX based background push, database query result change notification and HTTP calls from the database. We'll look at what to send in an event and how to present the push signal in the end user interface. Attendees will learn how to effectively leverage concepts (such as Bayeux) and technologies to implement push-across-the-tiers in a scalable fashion- thus creating a modern application that satisfies the modern end user. * Introduce push in the real world: don't call us and other examples * Explain how push is good for performance (no polling), for decoupling (consumer does not need to know where the push comes from) and most up-to-date information available (as opposed to polling) * Discuss architecture and all the gaps between and within tier where push may be required and how the trigger can originate * Demonstrate how push can be implemented from a database to the middle tier (for example to refresh cache or send signal that ends up in client) * Demonstrate how push can be implemented from middle tier to client - and what it can be used for * Discussion of presentation/visualization of asynchronous, push-based refresh of client * Leveraging the server-client push, demonstrate how client-client push can be implemented (through client-server AJAX and server-client push) * Demonstrate end-to-end push: database undergoing some DML finally resulting in a browser being refreshed * Linking Push with Event Driven Architecture and Complex Event Processing * Brief future outlook

Don't call us - we'll push - cross tier push architecture (JavaOne 2011)

Lucas Jellema

Statying Alive - Online and OFfline

Erik Hellman

Webservices Testing PPT.pdf

AbhishekDhotre4

Event driven architecure

Touraj Ebrahimi

PHP Continuous Data Processing

Michael Peacock

Difference between Client Polling vs Server Push vs Websocket vs Long Polling

jeetendra mandal

Presented at 'All Things API' in Denver, CO by Travis McChesney, Director of Engineering at Cloud Elements. How do you build and use user defined callback URLs (known as Webhooks) to notify your users of events that occurred on your system? Or use those URLs to get remote notification from API connected systems you use? Using Webhooks is becoming more common as APIs become essential to all programming models. We will cover four common usage models: API capture, TCP Tunneling, Dynamic DNS and Remote Development.

Building Event Driven API Services Using Webhooks

Cloud Elements

Live Streaming & Server Sent Events

tkramar

This an era where Consumer Experience (CX) is king. Because of this, application users naturally expect to be notified of events and outcomes in real-time as they happen. Asynchronous and parallel execution of processes has become a necessity which has more to do with data and events streams rather than resting data. Reactive application development is all about programming for such event streams. Modern day business applications are primarily based on events. Therefore, reactive application development has become a way to build applications that are more agile and highly extensible. Also, with the emergence of microservices-based applications, we see an increase in adaptation of event-driven architecture. This presentation looks at the core concepts of event-driven architecture and how you can use it to design reactive applications.

[WSO2Con EU 2018] Building Reactive Applications Using Event Driven Architecture

WSO2

Webhooks

Priyank Thada

Events, Picos, and Microservices

Phil Windley

Multiple_Vendors_Part-1

Philip Storey

Learn how to use Ext JS and Cmd to deliver Progressive Web Applications to deliver the best of both web and mobile app experiences. Web apps can be found easily on the internet and every user is guaranteed access to the same and latest version of the application. Plus, mobile app capabilities, such as offline support and optimizing access to the underlying network using service workers, take the user experience to a whole new level.

Sencha Roadshow 2017: Build Progressive Web Apps with Ext JS and Cmd

Sencha

EWD 3 Training Course Part 6: What Happens when a QEWD Application is Started

Rob Tweed

Similar to Webhook Testing Strategy (20)

- Webexpo 2010

Service workers and their role in PWAs

Event-Based API Patterns and Practices

API Security - Null meet

Magical Performance tuning with Gomez

Are You Ready For More Visitors Cognizant Gomez Jan20

Don't call us - we'll push - cross tier push architecture (JavaOne 2011)

Statying Alive - Online and OFfline

Webservices Testing PPT.pdf

Event driven architecure

PHP Continuous Data Processing

Difference between Client Polling vs Server Push vs Websocket vs Long Polling

Building Event Driven API Services Using Webhooks

Live Streaming & Server Sent Events

[WSO2Con EU 2018] Building Reactive Applications Using Event Driven Architecture

Webhooks

Events, Picos, and Microservices

Multiple_Vendors_Part-1

Sencha Roadshow 2017: Build Progressive Web Apps with Ext JS and Cmd

EWD 3 Training Course Part 6: What Happens when a QEWD Application is Started

Recently uploaded

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Knowledge engineering: from people to machines and back

Elena Simperl

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Speed Wins: From Kafka to APIs in Minutes

confluent

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Join us as we dive into the latest updates to the UiPath Orchestrator API, including new limits and features for 2024. Discover how these changes can enhance your automation projects and streamline your workflows. 📚 Overview of UiPath Orchestrator API 🔧 Recent changes to API limits 🛠️ How to adapt to new limits 📋 Best practices for using the Orchestrator API efficiently ❓ Q&A session

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

DianaGray10

Recently uploaded (20)

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Key Trends Shaping the Future of Infrastructure.pdf

Knowledge engineering: from people to machines and back

UiPath Test Automation using UiPath Test Suite series, part 3

Speed Wins: From Kafka to APIs in Minutes

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Essentials of Automations: Optimizing FME Workflows with Parameters

Connector Corner: Automate dynamic content and events by pushing a button

JMeter webinar - integration with InfluxDB and Grafana

UiPath Test Automation using UiPath Test Suite series, part 2

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

How world-class product teams are winning in the AI era by CEO and Founder, P...

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

Webhook Testing Strategy

1. Beyond The Callback: Webhook Testing For Modern Applications By Dimpy Adhikary, Quality Analyst, Thoughtworks

2. Agenda 01 - Introduction to Webhook Why/What/How 02 - Webhook Demo Simple webhook implementation 03 - Challenges in Webhook What can go wrong 04 - Webhook Testing Strategy How to test a webhook based application

3. ECOMMERCE Inventory Management Use Cases MARKETING AUTOMATION Personalized Campaign HEALTHCARE SERVICES Patient Data Sharing FINANCIAL SERVICES Loan Application Process Why Webhook

4. ECOMMERCE What is Webhook Source app Payload Destination App Event Webhook URL Webhook is a user specified HTTP callback that get triggered by some event to connect and share data between two applications.

5. How Webhook Works Register For The Event In Source App Received Data And Taking Action In Source App Repeat The Process Waiting For The Event In Destination App Setting Up The Webhook (Callback URL) In Source App Event Is triggered In Source App

6. ECOMMERCE Polling Vs Webhook Polling Webhooks Request origin Client Server Trigger Client-initiated Server-initiated Frequency Scheduled or continuous Event-driven Efficiency Less efficient More efficient Scalability Less scalable More scalable

7. Weather Notification - Webhook Demo Prerequisite: - Python (pip install flask,requests) - Curl ● Users can subscribe to receive weather updates for specific cities. ● When the weather conditions match their preferences, a webhook is sent to the user's registered endpoint. Implementation: - sender.py - Send webhook notification - receiver.py - Listen for incoming weather notification. Simulation of the event: curl -X POST -H "Content-Type: application/json" -d '{"city": "city1", "weather": "sunny", "user_endpoints": {"city1": "http://localhost:3000/receive_weather_notification", "city2": "http://localhost:3000/receive_weather_notification"}}' http://localhost:5000/simulate_weather_update

8. Challenges in Webhook Payload - Contract change - Missing data - Invalid data Configuration - IP white listing - Incorrect URL/payload format - Token expiry - Incorrect token/credentials - Wrong event association - Incorrect rate limiting Error Handling - Unhandled errors - No error retry mechanism - No error notification

9. Challenges in Webhook Performance - Slow webhook processing - Timeout error - Resource exhaustion - Scalability issues Resilience - Availability - Idempotence - External dependencies - Async communication - Network failures Security - Unauthorized access - Data breaches - Replay attacks - DoS attacks Compliance - Data privacy regulations (GDPR) - Financial regulations (PCI) - Industry-specific regulations (HIPPA)

10. Testing Strategy Functional Testing - Configuration - Error handling - Integration - User journey Reliability Testing - Simulating failures - Infra testing - Retry mechanism - Monitoring Performance Testing - Load/Stress/Volume testing Contract testing - Payload/schema - Consumer/provider driven Compliance Testing - Data compliance - PCI/PII Security Testing - OWASP top 10 - Attack simulation

Webhook Testing Strategy

Recommended

Recommended

More Related Content

Similar to Webhook Testing Strategy

Similar to Webhook Testing Strategy (20)

Recently uploaded

Recently uploaded (20)

Webhook Testing Strategy