Skip to content

feat: add X-Request-Id header to outbound webhook deliveries#582

Merged
greatest0fallt1me merged 1 commit into
CalloraOrg:mainfrom
vicky4196:task/webhook-request-id
Jun 29, 2026
Merged

feat: add X-Request-Id header to outbound webhook deliveries#582
greatest0fallt1me merged 1 commit into
CalloraOrg:mainfrom
vicky4196:task/webhook-request-id

Conversation

@vicky4196

@vicky4196 vicky4196 commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Webhook Request-Id Header Implementation

Summary

This change adds the X-Request-Id header to outbound webhook deliveries, enabling request correlation across the Callora platform.

Changes Made

1. Implementation (src/webhooks/webhook.dispatcher.ts)

The implementation already existed in the codebase. The dispatchWebhook function:

  • Retrieves the current request ID via getRequestId() from the async context
  • Conditionally includes X-Request-Id header when a request context is available
  • Headers are set at lines 65-75
const requestId = getRequestId();
const headers: Record<string, string> = {
    'Content-Type': 'application/json',
    'User-Agent': 'Callora-Webhook/1.0',
    'X-Callora-Event': payload.event,
    'X-Callora-Timestamp': payload.timestamp,
    'X-Callora-Delivery': deliveryId,
};
if (requestId) {
    headers['X-Request-Id'] = requestId;
}

2. Tests (src/webhooks/webhook.dispatcher.test.ts)

Added two new test cases:

  • Propagates request ID: Verifies X-Request-Id is included when request context exists
  • Omits when no context: Verifies X-Request-Id is undefined when no request context is set
  • All headers test: Comprehensive test verifying all expected headers are present

3. Documentation (docs/webhooks.md)

Updated the webhook documentation to include X-Request-Id in the headers table:

  • Added X-Request-Id as a correlation ID header
  • Expanded header table to include all outbound webhook headers: User-Agent, X-Callora-Event, X-Callora-Delivery, Content-Type

Expected Headers

All outbound webhook requests now include:

Header Description
Content-Type application/json
User-Agent Callora-Webhook/1.0
X-Callora-Event Event type being delivered
X-Callora-Timestamp ISO-8601 delivery timestamp
X-Callora-Delivery Unique UUID for idempotency
X-Request-Id Correlation ID (when available)
X-Callora-Signature HMAC-SHA256 signature (when secret configured)

Testing

Run the webhook dispatcher tests:

npm test -- src/webhooks/webhook.dispatcher.test.ts

Security Considerations

  • No secrets or sensitive data are exposed in the request-id header
  • The header is optional and only included when a valid request context exists
  • Does not affect existing signature verification workflow

closes #511

@vicky4196
test: add tests for X-Request-Id header in webhook dispatcher
9ae4cbc 
- Add test for X-Request-Id propagation when request context exists
- Add test for omitting X-Request-Id when no context is set
- Add comprehensive test for all webhook headers
- Update webhooks.md documentation to include all outbound headers

closes CalloraOrg#511
@greatest0fallt1me greatest0fallt1me merged commit 48b72b9 into CalloraOrg:main Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add structured request_id header in webhook outbound

2 participants

@vicky4196 @greatest0fallt1me