Webhook

Events

When something interesting happens on your Memo Bank workspace, such as a new Transaction being created, Memo Bank can reach out to your application so that you can take action (such as sending an e-mail alert about the transaction to your user) automatically.

The first step is to create a Webhook in the web interface, in Company Settings > Developers. As part of this, you will have to provide a URL on your own servers. Memo Bank will then send HTTPS requests to that URL when there is an activity on your Memo Bank workspace.

Consuming Events

Individual Events do not contain very much information on their own. This is by design, as the API structure can remain extremely stable and avoid difficult webhook migrations in the future as the Memo Bank API changes. If you need additional metadata, such as the amount of the Transaction in the above example, make a GET request to the API for that information. You can use the resource_type and resource_id to determine what resource to fetch from the API.

Failures and retries

If your application returns anything other than a 2xx HTTP status code, we will retry it up to 8 times with exponentially increasing backoffs. In your webhook endpoint implementation, we recommend you place inbound Events into your application’s own queuing system (such as Kafka, Resque, etc) for asynchronous event processing, and returning a 200 response from your endpoint as quickly as possible.

Memo Bank will include an Authorization header in each webhook request. Inside of it, you will find Bearer <token> with the authentication token we provided when you created the webhook on the web interface. We recommend that you check this header and reject requests with invalid token, indicating a malicious request that would not have been issued by Memo Bank.

We also recommend that you restrict which IP addresses can call your webhook. Here is the list of our IP addresses:

  • 35.181.64.230
  • 15.236.178.243
  • 13.36.24.215
  • 3.78.51.103
  • 3.74.208.131
  • 3.122.142.56