Webhook Relay Workshop threat modeling whiteboard exposed a gap in our replay handling — fixed same sprint.
APIs
Webhook Relay Workshop
Receive partner webhooks, validate signatures, and fan out to internal queues with Python.
Program narrative
Build a small Flask-style receiver (framework-agnostic patterns) that validates HMAC signatures, stores payloads safely, and forwards sanitized events to Slack or email via templated calls.
Inside the bundle
- Signature verification walkthrough with clock skew notes
- Payload size limits and disk spillover strategy
- Replay protection outline you can adapt internally
- Sandbox TLS notes for local testing
- Mentor-led threat modeling whiteboard (virtual)
- Template for rotating shared secrets
- Postman collection for partner simulations
Outcomes we expect you to evidence
- Deploy a local receiver that rejects tampered payloads
- Author a secret rotation doc for your runbook
- Demonstrate fan-out to a sandbox Slack channel
Mentor anchor
Automation mentor specializing in partner-facing integrations.
Felipe Amaral
Primary reviewer for this program track.
Participant questions
Patterns translate across lightweight ASGI/WSGI libraries; pick what your org allows.
You test locally; production deployment stays with your platform team.
We reference policy links and quality-standards language instead of pretending to give legal advice.