Webhooks
Retry and replay
Retry policy, terminal failures, and dashboard replay behavior.
Retry and replay
Webhook delivery retries happen outside trade and payout DB transactions.
Default schedule
- attempt 1: immediate after event commit
- attempt 2:
+1 minute - attempt 3:
+5 minutes - attempt 4:
+15 minutes - attempt 5:
+1 hour - attempt 6:
+6 hours - after max attempts:
dead_letter
What causes retry
- request timeout
- DNS failure
- TLS failure
- network error
- HTTP
429 - HTTP
5xx - other non-
2xxexcept terminal410
What ends delivery
- any
2xxresponse ->sent - HTTP
410->dead_letterimmediately - max attempts reached ->
dead_letter
Timeout behavior
- default endpoint timeout:
5seconds - operator can set timeout per endpoint record
- response body stored only as short sample for debugging
Replay semantics
- replay targets existing delivery record
- replay creates another delivery attempt for same outbox event
- replay does not create new business event
- replay does not mutate order, trade, or redemption state
- replay stays operator-scoped
Receiver design rules
- return
2xxonly after durable commit on operator side - return
5xxfor transient failure that should retry - use
410only when event should never be retried for that endpoint - do not rely on exactly-once delivery
- keep
event_iddedupe store longer than max retry window
Dashboard workflow
- Inspect delivery status and last response sample.
- Fix receiver issue or secret mismatch.
- Replay failed or dead-letter delivery.
- Confirm latest attempt becomes
sent.