Skip to content

Add webhook handling cookbook recipe#473

Open
samdark wants to merge 1 commit into
masterfrom
cookbook-webhooks
Open

Add webhook handling cookbook recipe#473
samdark wants to merge 1 commit into
masterfrom
cookbook-webhooks

Conversation

@samdark
Copy link
Copy Markdown
Member

@samdark samdark commented May 30, 2026

Adds a cookbook article for handling incoming third-party POST requests and webhooks, including raw-body signature verification, timestamp checks, idempotency, retry-aware response codes, and cookbook navigation entries.

Verification:

  • Reproduced the action/interfaces in a fresh yiisoft/app template at /tmp/yii-docs-upload-app
  • php verify-webhook-action.php
  • php -l src/Web/Webhook/IncomingWebhookAction.php
  • php -l src/Web/Webhook/ProcessedWebhookRepository.php
  • php -l src/Web/Webhook/WebhookProcessor.php
  • php -l verify-webhook-action.php
  • vendor/bin/phpstan analyse src/Web/Webhook verify-webhook-action.php --no-progress
  • vendor/bin/psalm --no-progress --output-format=console src/Web/Webhook verify-webhook-action.php
  • npx markdown-link-check src/cookbook/handling-webhooks.md
  • npm run build

Copilot AI review requested due to automatic review settings May 30, 2026 10:58
Copilot AI reviewed May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new English cookbook recipe explaining how to safely handle incoming third-party webhooks in a Yii3 application, and wires the new page into the cookbook index and the VitePress sidebar so it appears in navigation.

Changes:

  • New src/cookbook/handling-webhooks.md recipe covering POST-only routing, CSRF exclusion guidance, raw-body HMAC signature verification with timestamp freshness checks, delivery-ID idempotency, and retry-aware response codes (2xx/400/401/5xx/202).
  • Adds IncomingWebhookAction, ProcessedWebhookRepository and WebhookProcessor example code plus a DI config snippet wiring WEBHOOK_SECRET into the action.
  • Inserts navigation entries for the new recipe in the English cookbook index and the VitePress sidebar (between "Making HTTP Requests" and "Using htmx for Partial Page Reloads").

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/cookbook/handling-webhooks.md New cookbook recipe with route, action, repository/processor interfaces, DI snippet, response-code guidance, and operational checklist.
src/cookbook/index.md Adds a link to the new recipe in the English cookbook index.
src/.vitepress/config.js Adds the matching sidebar entry for the new recipe.

Comment thread src/cookbook/handling-webhooks.md
Comment on lines +163 to +169
return [
IncomingWebhookAction::class => [
'__construct()' => [
'webhookSecret' => $_ENV['WEBHOOK_SECRET'],
],
],
];
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@samdark