Le temps réel est devenu un pré-requis de nos applications mais pas seulement pour les données. Nous souhaitons également pouvoir informer nos utilisateurs qu’un événement vient de se produire (mention, blog post, pull request...). Mais quelle est la meilleure façon d’interagir en temps réel avec une API lorsque le délai de rafraichissement est imprévisible ? Vous avez probablement déjà entendu parler de WebHook et de WebSub. Peut-être même savez-vous que l’un est basé sur l’autre. Mais savez-vous vraiment quelles sont leurs différences ? Comment implémenter chaque solution ? Et plus important, quand utiliser l’une ou l’autre ? Dans cette session nous reviendrons en détail sur chaque solution pour trouver les réponses aux questions précédentes et bien sûr, nous les verrons en action avec une démo en live coding !
14. Consumer
HTTP/1.1 201 Created
Link:<http://subscription-serve
r.com/subscription>;
rel="subscription"
POST /eventsource HTTP/1.1
Host: subscription-server.com
Pragma: subscribe
Callback:
<http://example.com/callback>;
method="POST"
rel="subscriber"
API Provider
POST /callback HTTP/1.1
Host: example.com
Link:
<http://subscription-server.com
/subscription>;
rel="subscription"
Content-HMAC: sha1
C+7Hteo/D9vJXQ3UfzxbwnXaijM=
Content-Length: 21
Content-Type:
application/x-www-form-urlencod
ed
payload=Hello%20world
WEBHOOKS
15. ✓ Define a callback URL ✓ Create a subscription endpoint
- GET /webhook
- POST /webhook
- GET /webhook/{id}
- PUT /webhook/{id}
- DELETE /webhook/{id}
Consumer API Provider
WEBHOOKS
16. ✓ Define a callback URL
Consumer API Provider
✓ Implement your webhook queue
- inline HTTP Requests
- SQL-based queue
- AMQP broker
- batch
WEBHOOKS
19. PROS AND CONS
✓ Easily consumed
✓ Without dedicated resources
■ Poor user experience
■ Does not work with all clients
■ Manual setup✓ Easily integrated
■ Debugging
✓ (almost) Real-Time updates
20. KNOWN ISSUES
Consumer API Provider
■ DDoS Attack
■ Missed notification
■ DDoS Attack
■ Deduplication
21. CHECK LIST
Consumer API Provider
✓ Implement authentication
✓ Expected answer?
✓ Monitor payload size
✓ Handle request number
✓ Handle duplicates
✓ One callback per webhook
23. ✓ RSS / Atom feeds
✓ pubsubhubbub/ & w3c.github.io/websub
✓ Open Protocol
✓ Based on Publish / Subscribe Pattern and on topics
✓ Formerly known as PubSubHubbub, PubSub, Push...
WEBSUB
✓ W3C proposed recommandation since April 2017
26. Subscribers Send subscription request to the Hub
POST https://my-hub.com/
…
hub.mode="subscribe"
hub.topic="https://my-resource.com/"
hub.callback="http://example.com/callback"
SUBSCRIBE - SUBSCRIBERS 1/2
hub.secret="my-token"
27. Hub Verify intent of the subscribers
GET http://example.com/callback
…
hub.mode="subscribe"
hub.topic="https://my-resource.com/"
hub.challenge="a random string"
SUBSCRIBE - HUB
34. Subscribers Send unsubscription request to the Hub
POST https://my-hub.com/
…
hub.mode="unsubscribe"
hub.topic="https://my-resource.com/"
hub.callback="http://example.com/callback"
UNSUBSCRIBE - SUBSCRIBERS 1/2
35. Hub Verify intent of the subscribers
GET http://example.com/callback
…
hub.mode="unsubscribe"
hub.topic="https://my-resource.com/"
hub.challenge="a random string"
UNSUBSCRIBE - HUB
36. Subscribers Answer verification request
HTTP/1.1 200 OK
Body:{
hub.challenge: "a random string"
}
UNSUBSCRIBE - SUBSCRIBERS 2/2
37. PROS AND CONS
✓ Easily consumed
✓ Without dedicated resources
■ Poor user experience
■ Does not work with all clients
■ Manual setup✓ Easily integrated
■ Debugging
✓ (almost) Real-Time updates
■ Manual setup
38. PROS AND CONS
✓ Easily consumed
✓ Without dedicated resources
■ Does not work with all clients
✓ Easily integrated
■ Debugging
✓ (almost) Real-Time updates ■ Need another call to get data