TemplateFREE⏱️ 60-90 minutes
Webhook System Specification Template
A structured webhook system spec covering event design, delivery guarantees, retry logic, signature verification, and failure handling.
Updated 2026-03-04
Webhook System Specification
| # | Item | Category | Priority | Owner | Status | Notes | |
|---|---|---|---|---|---|---|---|
| 1 | |||||||
| 2 | |||||||
| 3 | |||||||
| 4 | |||||||
| 5 |
#1
#2
#3
#4
#5
Edit the values above to try it with your own data. Your changes are saved locally.
Get this template
Choose your preferred format. Google Sheets and Notion are free, no account needed.
Frequently Asked Questions
What delivery guarantee should a webhook system provide?+
At-least-once delivery. This means consumers may receive the same event more than once (due to retries after ambiguous failures) and must handle deduplication using the event `id`. Exactly-once delivery is not achievable in distributed systems without requiring consumers to implement idempotency, which they should do regardless. Document this guarantee clearly in your webhook docs.
How should consumers handle duplicate webhook events?+
Store processed event IDs and check before processing. When a consumer receives an event, look up the `id` in a persistent store. If it has been seen before, return 200 without reprocessing. If not, process the event and store the ID. This idempotency check is the consumer's responsibility. Your docs should include code samples for this pattern in every supported language.
Should webhook payloads include the full resource or just the event metadata?+
Include the full resource state at the time of the event. This eliminates the need for consumers to make a follow-up API call to fetch the current state, which reduces their API usage and removes a race condition (the resource may have changed between the event and the follow-up call). The tradeoff is larger payloads, but for most resources under 10KB this is acceptable.
How do I handle webhook endpoints that are temporarily down?+
Use the retry schedule with exponential backoff. If the endpoint recovers within the retry window (~34 hours in the example above), all queued events will be delivered in order. If it does not recover, mark events as failed, disable the endpoint, notify the admin, and provide a manual retry mechanism in the dashboard. The [SLA/SLO/SLI framework](/glossary/sla-slo-sli) can help you define the delivery guarantees you commit to.
When should I add a new event type to the webhook system?+
Add a new event type when at least 3 consumers have requested it or when a new feature creates a state change that external systems need to react to in real time. Before adding the event, check whether an existing event already covers the use case (e.g., `order.updated` may be sufficient without a separate `order.address_changed` event). Keep the event catalog focused. The [API-first design](/glossary/api-first-design) principle applies: design events for consumers, not for your internal architecture. ---
Related Tools
Explore More Templates
Browse our full library of PM templates, or generate a custom version with AI.