Best Practices

Webhook Verification

Verify that requests come from daisyBill using either basic HTTP authentication or the request signature provided in the header.

CSRF Protection

Web frameworks like Rails and Django check that every POST request contains a CSRF token. This may prevent you from receiving webhooks from daisyBill. To receive them, exempt your webhook-consuming endpoints from CSRF protection. Those endpoints then depend on webhook verification, not the CSRF token, to reject requests that do not come from daisyBill.

Duplicate Events

Your webhook endpoints might receive the same event more than once. Guard against this by keeping track of events in your system using the id property on the event.

Order of Events

daisyBill webhooks may be sent multiple times if the delivery status is considered failed. Make sure your endpoint can receive the same notification multiple times and out of order.

You can fetch missing events using the events API endpoint or verify event information by issuing an API request for the related resource.

Respond Quickly

daisyBill expects a response from your endpoint within 5 seconds.
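
The following is an added example, not daisyBill's own code. It sketches a framework-independent receiver that checks basic HTTP authentication in constant time, skips events whose id has already been seen, and defers slow work so the response goes out quickly. The credentials, the in-memory store and queue, and the fetch_current callback are assumptions; only the id property comes from the text above.

```python
import base64
import hmac
import queue

# Assumed Basic-auth credentials for the webhook (constructed values).
EXPECTED_USER = b"webhook-user"
EXPECTED_PASSWORD = b"constructed-secret"

_seen_ids = set()         # production: a table with a unique constraint on event id
_pending = queue.Queue()  # slow work is done off the request path


def basic_auth_ok(header):
    """Check an 'Authorization: Basic ...' header value in constant time."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[len("Basic "):], validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return False
    user, sep, password = decoded.partition(b":")
    # Compare both fields unconditionally so timing does not show which one failed.
    user_ok = hmac.compare_digest(user, EXPECTED_USER)
    password_ok = hmac.compare_digest(password, EXPECTED_PASSWORD)
    return bool(sep) and user_ok and password_ok


def handle_webhook(auth_header, event):
    """Return the HTTP status for one delivery; does only fast, in-memory work."""
    if not basic_auth_ok(auth_header):
        return 401
    event_id = event.get("id") if isinstance(event, dict) else None
    if event_id is None:
        return 400
    if event_id in _seen_ids:
        return 200  # duplicate or retry: acknowledge, do not process again
    _seen_ids.add(event_id)
    _pending.put(event)
    return 200


def process_pending(fetch_current):
    """Drain the queue in a worker. fetch_current(event) is a caller-supplied
    function that requests the related resource, so out-of-order deliveries
    are resolved from current state rather than from arrival order."""
    results = []
    while not _pending.empty():
        results.append(fetch_current(_pending.get()))
    return results
```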