By Dev Makai
Hey builders, 👋
Today I want to dive into one of those "why didn't anyone tell me this sooner?" moments that cost me two days of debugging and nearly lost revenue. We're talking about webhooks—specifically, why your payment integration might be failing silently while everything looks green on the dashboard.
The Setup That Betrays You
Picture this: You've integrated a payment gateway. You set up webhooks. You test with a few transactions. Everything works. You deploy to production. Weeks later, you notice discrepancies in your accounting. Some transactions processed but never triggered fulfillment. Sound familiar?
Here's the brutal truth I learned: Webhooks fail silently more often than they fail loudly.
Two Critical Workarounds That Should Be Requirements
- The Backup Poller You Didn't Know You Needed Most payment gateway docs bury this gem in small text:
"Set up a re-query service that polls for transaction status at regular intervals."
This isn't a suggestion—it's their admission that webhook delivery isn't guaranteed. Your server goes down? Network hiccup? Rate limit hit? Webhooks get lost in the void.
My Implementation Strategy:
javascript
// Simple poller service (Node.js example)
async function reconcileTransactions() {
const pending = await getPendingTransactions();
for (const tx of pending) {
const status = await paymentGateway.checkStatus(tx.reference);
if (status.hasChanged()) {
await processWebhookPayload(status);
await markAsReconciled(tx.id);
}
}
}
// Run every 15 minutes
setInterval(reconcileTransactions, 15 * 60 * 1000);
This poller acts as your safety net. It catches what webhooks miss. Without it, you're trusting external systems with your business logic—a dangerous gamble.
- The Trailing Slash Debacle Here's the Apache trap that got me: When your webhook endpoint is a directory (like /webhook), Apache automatically redirects to /webhook/ if the slash is missing. POST requests get converted to GET during this redirect. Your webhook receives empty requests while returning 200 OK.
The documentation workaround: "Add a trailing slash to your URL."
The proper solution? Fix your server config:
apache
# .htaccess - The RIGHT way
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^webhook$ /webhook/ [L]
Or better yet:
apache
DirectorySlash Off
Real Damage I've Seen
SaaS Company: Lost $14K in monthly recurring revenue because canceled subscriptions kept charging (failed webhooks)
E-commerce Store: 200+ digital products never delivered despite successful payments
Booking Platform: Double-bookings when webhooks arrived out of order
My Webhook Checklist
After getting burned, here's my non-negotiable checklist:
Before Go-Live
Idempotency Keys: Process the same webhook multiple times safely
Dead Letter Queue: Store failed webhooks for manual review
Signature Verification: Never trust incoming requests without validation
Complete Logging: Request body, headers, processing result, timestamp
Production Monitoring
Success Rate Dashboard: Track delivery failures in real-time
Automated Reconciliation: Daily checks comparing gateway vs your database
Alerting: Get notified when failure rate exceeds 1%
Manual Trigger: Ability to resend webhooks from gateway dashboard
The Mindset Shift
The biggest lesson? Treat webhooks as "best effort" notifications, not reliable triggers. Build your system to survive their failure.
Your payment integration shouldn't be a house of cards. That trailing slash workaround? The polling recommendation? They're band-aids on deeper architectural issues.
Your Turn
What webhook horror stories have you survived? What silent failures did you discover way too late? Hit reply or find me on [Twitter/LinkedIn]—I read every response.
And if you're implementing payment integration this week, do me a favor: Add that polling service BEFORE you go live. Your future self will thank you when the server decides to reboot during peak hours.
Stay building (and keep those webhooks honest),
Makai
Top comments (0)