On February 14, 2024, we encountered an issue with our webhook validation process, which impacted the reliability of webhook notifications for our users. This issue was primarily due to an oversight in updating the encoded value for a new signature length after a service upgrade. The problem was identified and resolved promptly, with a fix deployed to prevent future occurrences. We are committed to maintaining high reliability and transparency, and this postmortem aims to detail the incident, our response, and steps we're taking to improve.
The incident was caused by an update in our webhook-service, which introduced a new signature length. Unfortunately, the encoded value for this new signature was not updated accordingly, leading to validation failures for webhook events.
The issue was first detected by internal monitoring and reported by a user, leading to a swift investigation and resolution.
A small number of users were directly affected, with only two support tickets filed regarding the issue. However, the potential for broader impact prompted an immediate and thorough response from our team.
The problem was detected during a routine production review, with further investigations led by our development team. Upon identifying the root cause, we implemented a code fix and deployed a new release to resolve the issue.
The primary cause of this incident was found to be the lack of updated documentation and testing related to the webhook service's signature validation process. This oversight led to the failure in properly validating webhook events post-update.
We have taken several steps to address the issue and prevent similar incidents in the future:
To prevent a recurrence of this or similar issues, we are:
We understand the importance of reliable webhook notifications for our users and apologize for any inconvenience caused. Our team is committed to learning from this incident and making the necessary improvements to serve you better.
Thank you for your understanding and continued support.