Vibble Webhooks Policy

This policy governs how external applications may register and consume Vibble webhooks for real-time event notifications such as posts, mentions, and account changes.

1. Overview

Vibble webhooks provide push-based notifications to developer-controlled endpoints. They are designed to reduce polling, support integrations, and enable real-time workflows while maintaining strict security and privacy safeguards.

2. Eligible Events

Typical webhook event types include (subject to change):

  • New post by an authorized user.
  • Mentions or replies to an authorized user.
  • Follow / unfollow events.
  • Account updates and settings changes.
  • Subscription or billing-related events (for monetization programs).

3. Registration & Verification

  • Endpoints must support HTTPS.
  • Ownership verification may use challenge tokens or signed messages.
  • Vibble may perform periodic re-verification to confirm endpoint validity.

4. Security & Signing

To ensure authenticity and integrity of webhook events:

  • Each webhook request may include a signature header using a shared secret.
  • Integrations must validate signatures before processing payloads.
  • Replay protection techniques (timestamps, nonces) should be implemented.

5. Performance & Response Expectations

  • Webhook receivers must respond with a 2xx status code within a short timeout window.
  • Heavy processing should be done asynchronously after acknowledging receipt.
  • Non-2xx responses or timeouts may trigger automatic retries.

6. Retries & Backoff

In the event of delivery failures, Vibble may retry events with exponential backoff. Persistent failures may result in webhook deactivation.

7. Data Minimization & Privacy

  • Webhook payloads contain only the fields needed for the subscribed event.
  • Sensitive data is limited or excluded where possible.
  • Developers must protect all payloads as confidential user data.

8. Abuse Prevention & Throttling

Vibble may throttle, batch, or temporarily disable webhooks for:

  • Endpoints returning repeated errors.
  • Detected compromise or misconfiguration.
  • Abuse or suspicious amplification patterns.

9. Logging & Auditability

Developers should log webhook events with secure, access-controlled logging to support debugging, incident response, and audit trails while respecting data retention policies.

10. Termination

Nexa-Group may disable webhook access immediately in cases of abuse, legal obligations, or security incidents without prior notice.

11. Contact

Webhook Support: webhooks@vibble.org
Developer Support: dev@vibble.org
Security Incidents: security@vibble.org

Esta resposta foi útil? 0 Utilizadores acharam útil (0 Votos)

Mais Popular

API Terms of Us

Vibble API Terms of Use These API Terms govern developer access to the Vibble API...
Streaming API Rules

Vibble Streaming API Rules These rules govern access to Vibble’s real-time Streaming...
Rate Limit Documentation

Vibble API Rate Limit Policy This document describes how Vibble applies rate limits...
OAuth & Authentication API Guide

Vibble API OAuth & Authentication Guide This guide outlines how applications...
Bot & Automation Rules for API Users

Vibble Bot & Automation Rules These rules govern automated accounts, bots, and...