-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(notify): message idempotency/storage & webhook refactor #161
base: main-lfs-DO-NOT-USE
Are you sure you want to change the base?
Conversation
…d in notifyMessage, webhook security
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
icon?: string | null, | ||
url?: string | null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't be nullable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Elyniss it should because this is the Notify API endpoint. null
will be translated to ""
by the Notify Server
"type": string, | ||
type Body = [{ | ||
// Idempotency key and ID to track status | ||
notificationId?: string | null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really need to give the ability to provide the ID for a new notification? For me, server-generated IDs look more consistent, and does the client need this ability? cc @chris13524
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The primary purpose of this ID is actually for idempotency.
We can have an idempotencyKey field instead, and require the client to read the response in order to call the status endpoint. But I figured it's a slightly nicer API for the caller to be able to specify their own IDs in order to avoid storing the response to their database if they already have notification IDs on their end.
In my approach this notificationId would be dapp-facing only, unique key being separate per-dapp, and the pk of the database would still be a server-generated UUID. Happy with either approach really, but we need idempotency.
string | ||
type Response = { | ||
// IDs for the sent notifications returned in the same order as the body. If a `notificationId` wasn't specified in the request, one will be generated. | ||
notifications: string[], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the queuing behavior now, are consumers of this API expected to query all the messages they sent until they either get published
or some of the error statuses?
Not sure if I missed something here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are consumers of this API expected to query all the messages they sent until they either get published or some of the error statuses?
Yes, but only if they want to know the status. However I suppose this is polling so would be good to have a webhook option for this as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes - I think a webhook option would make sense. Polling would be absurd for all the different notification ids
de42a9a
to
00008e3
Compare
id
to notifyMessage (ensures message ID can be used for client deduplication, and also provides method to acknowledge, send read receipts, etc.)notificationId
to/notify
endpoint, which makes the endpoint idempotent<project-id>
parameter/v1
prefixSend Notification and Notification Status APIs subject to change upon discovering real-world implementation scalability challenges. For example, it may make sense to respond with
not-subscribed
,wrong-scope
, andrate-limited
in the initial request, rather than requiring a second call to get this information.Potential TODOs: