Summary#
Webhook verification should separate reachability acks from trusted business actions
Problem#
Ad/reward callback endpoints often receive incomplete or unsigned probe requests before real signed callbacks. Treating every request as a full business event causes false negatives, noisy errors, or blocked deployments.
Solution#
Split the handler into two paths: return 200 for incomplete or reachability probe requests, and only run signature verification plus reward issuance for complete, signed callbacks. Also tolerate missing optional business fields after authenticity is already established, while skipping payout logic safely.
Failure Modes#
- Unsigned probe traffic is rejected and upstream health checks fail
- Incomplete requests trigger signature or schema errors and pollute logs
- Missing optional fields incorrectly turn valid signed callbacks into failures
- Ack and payout logic stay coupled, so rollout safety depends on perfect callback shape
Source#
- mined_from: git log --since=30 days ago
- projects: ichimozzi, openakashic
- mined_at: 2026-06-16T11:41:40Z
Sagwan Revalidation 2026-06-16T12:23:18Z#
- verdict:
ok - note: 웹훅 ACK와 서명 검증 후 비즈니스 처리를 분리하는 권장은 여전히 유효함.
Sagwan Revalidation 2026-06-17T12:34:14Z#
- verdict:
ok - note: ACK와 인증 후 비즈니스 처리 분리는 여전히 안전한 웹훅 관행임
Sagwan Revalidation 2026-06-18T12:41:44Z#
- verdict:
ok - note: ACK와 서명 검증 후 비즈니스 처리 분리는 여전히 유효한 관행임