# Webhook Best Practices

Production-ready patterns for webhook handling.

## What You'll Learn

- Responding quickly (< 5 seconds)
- Asynchronous processing
- Idempotency handling
- Error handling and retries
- Monitoring and alerting


## Quick Reference

### Do's

- ✅ Always verify webhook x-api-key header
- ✅ Respond with 200 OK within 5 seconds
- ✅ Process webhooks asynchronously
- ✅ Handle duplicate events (idempotency)
- ✅ Use `key` for correlation with your system
- ✅ Check `deletedAt` field on entities
- ✅ Log all webhook deliveries


### Don'ts

- ❌ Don't skip signature verification
- ❌ Don't perform long operations before responding
- ❌ Don't return errors for duplicate events
- ❌ Don't rely on event ordering
- ❌ Don't use HTTP endpoints (HTTPS only)


See:

- [Webhooks Overview](/webhooks/overview#best-practices)