Skip to main content
This page lists what Boble enforces on every delivery and a few habits worth adopting on your receiver.

What Boble enforces

HTTPS only

http:// URLs are rejected when you register them, and again at delivery time. Only https:// endpoints are accepted.

Private networks are blocked

When you configure the URL, Boble rejects hosts that look like local or private network addresses (localhost, 127.0.0.0/8, 10.0.0.0/8, 172.16-31, 192.168.0.0/16, 169.254.0.0/16, and IPv6 link-local / ULA). This protects against accidentally pointing a webhook at an internal service.

10-second timeout

If your endpoint takes longer than 10 seconds to reply, Boble gives up. The delivery is recorded as failed with a timeout error in your event log, and you can replay it later. This is why your handler should be fast — acknowledge with 200 first, then do any heavy work in the background.

Best-effort delivery

Boble does not retry a failed delivery automatically. The failed event sits in your event log until you manually resend it.

Response body capture

Boble stores the first 4 KB of whatever your endpoint replies. That’s useful when you debug a failed delivery from the dashboard — you can see the error message your service returned. Long responses are simply truncated.

What you should do

Always verify the signature

Even for test events. See Signature verification.

Reply fast

Reply 200 as quickly as you can — ideally well under a second. If your handler needs to call out to another service (send a Discord message, create a Mailchimp contact), enqueue the work to a background job and acknowledge first. Otherwise you risk hitting the 10-second timeout and having your event marked as failed.

Handle resends safely

When you resend an event manually, Boble dispatches a brand-new delivery with the same data but a new envelope id. If your handler isn’t careful, this can double-apply side effects (sending the same welcome email twice, creating two contacts). The safe pattern is to dedupe based on a value derived from data.object — typically data.object.id together with the event type. See Payload structure.

Rotate the secret if it leaks

If you suspect the signing secret has been exposed (a leaked log file, a former contractor with access to your env), rotate it from your dashboard. All your promotion endpoints share the same secret, so a single rotation covers everything.