Online work platform for collaboration and project management in one central place with tasks, calendar, contacts, activity stream and the ability to build business apps.
Podio built their original REST API right alongside their product. Following modern product techniques, their frontend, iOS and Android apps all consume the exact same API that is exposed to 3rd party developers.
Even at the beginning, Podio was looking to scale: they implemented REST Hooks and rate limiting with an eye towards the future.
Some of Podio's most useful endpoints are those with filters, which also happen to be the most expensive to generate. REST Hooks work around this limitation: they give developers the data they want while lightening server load.
REST Hooks (subscription webhooks) actually happened accidentally. Because all of Podio's frontends consume the same API, REST Hooks were a necessity for dogfooding.
In time they learned this was a great decision after hearing from elated partners and 3rd party developers.
Let's take a look at the details about how Podio uses REST Hooks.
|REST hook feature||Implemented?|
|Order of delivery|
Podio REST Hooks can actually be created in one of two ways. They can be created as classic REST Hooks programmatically via the REST API, or the user can define webhooks within Podio's developer tools.
Following Podio's flexible model, there are several “nouns” and “verbs” you can subscribe to which are documented here.
Podio enforces intent when subscribing to new hook endpoints. Every new hook must be verified. A notification will be sent to the new hook URL and it is expected to return a special code along with a 2xx response.
Over time, hooks must continually respond with 2xx. If there are 50 consecutive non-2xx responses, the hook will become inactive and have to be re-activated either by the user or by the application via a teardown/setup cycle.
Podio only sends along a lightweight payload that contains the id of the item in question and a webhook id. Developers should turn around and call the Podio API to access the full data set. This is a security feature which enforces that developers have valid access tokens to consume hook-based content.
Podio sends along a webhook id which can be used to order incoming requests. Even though order is specified, it's really not required because Podio has skinny payloads. You'll always need to fetch the most recent representation of a resource after receiving a hook, making ordering implications moot.
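The skinny-payload and ordering points above can be modelled in a few lines. This is an added example, not Podio's code, and it does not call the real Podio API: `Api`, `Receiver`, `get_item`, the payload keys and the token strings are hypothetical, constructed stand-ins.

```python
"""Constructed in-memory model of the skinny-payload pattern (hypothetical names)."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a fetch is attempted without a valid access token."""


@dataclass
class Api:
    """Stand-in for the provider's REST API."""
    items: dict = field(default_factory=dict)   # item_id -> current representation
    tokens: set = field(default_factory=set)    # currently valid access tokens

    def get_item(self, item_id, token):
        if token not in self.tokens:
            raise Forbidden("invalid access token")
        return dict(self.items[item_id])


@dataclass
class Receiver:
    """Hook consumer that treats the payload as a hint, never as the data."""
    api: Api
    token: str
    cache: dict = field(default_factory=dict)

    def handle(self, payload):
        # The payload carries only ids, so the hook request itself exposes
        # no content; everything stored comes from the authenticated fetch.
        try:
            item = self.api.get_item(payload["item_id"], self.token)
        except Forbidden:
            return 403          # a non-2xx reply, as seen by the hook sender
        self.cache[payload["item_id"]] = item
        return 200


def demo():
    api = Api(items={7: {"title": "v1"}}, tokens={"good-token"})
    hooks = [{"item_id": 7, "hook_id": 1}, {"item_id": 7, "hook_id": 2}]
    api.items[7] = {"title": "v2"}   # item changed again before delivery
    ok = Receiver(api, "good-token")
    bad = Receiver(api, "revoked-token")
    # Deliver out of order: each fetch returns the latest state regardless.
    statuses = [ok.handle(p) for p in reversed(hooks)]
    return statuses, ok.cache[7], bad.handle(hooks[0]), bad.cache


if __name__ == "__main__":
    print(demo())
```
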