Webhooks, Events & Retries: The Platform Knocks Again, Politely

Webhooks are how ReVend OS tells another system that something happened: asset created, order completed, listing published, auction bid placed, escrow funded, deal closed. Without delivery history, a webhook is just shouting into the internet and hoping the internet has manners.

Subscriptions

/settings/api/webhooks lets admins manage webhook subscriptions, event filters, active/paused status and delivery settings. Each subscription has a signing secret so receivers can verify that the payload came from ReVend.

Secret lifecycle

Signing secrets are stored through the encrypted external-secrets layer. Create and rotate show the plaintext once; after that the platform uses the encrypted version server-side for signing. Payloads, logs and activity metadata do not store the raw secret. The secret gets to do its job without appearing in the group photo.

Delivery log

Delivery attempts show status, attempts, retry timing and error category. Pending or stuck deliveries surface on the settings page so admins can see whether the receiver is down, the URL is wrong, or the event needs a manual nudge.

Retry and replay

Failed deliveries can be retried, and canonical events can be replayed for a subscription where allowed. That turns "we missed the event" from a support mystery into a controlled recovery path.