Hey @JiriUlip - These are great questions. I want to clarify a few things.
Our docs are inaccurate (we are working to update those), and we actually only kick off a CRC once every ~24 hours (~24 hours from the last time it was validated) - it is not done hourly. Once we initiate a CRC, your server has 3 seconds to respond to the first request before we timeout. If it doesn’t respond within the first ~3 seconds, we retry the request and leave that open for ~1.75 seconds. Meaning, you have roughly ~5 seconds over 2 attempts to respond. In the event your server doesn’t respond (or returns a transient error), we will retry for ~4 hours, sending a new request every ~30 minutes. This means you have 8 attempts (with the same ~5-second retry logic) to confirm validation. Those 8 attempts happen when we receive a transient error (a 4XX, 5XX, no response, etc.)
There are a couple of things that we could encounter where we immediately mark the webhook invalid:
- Getting the wrong response back, would mark it invalid (no retry logic).
- Having an incorrect cert configured would also mark it as failed (no retry logic).
- Your server returning a non-2XX, non-4XXX, non-5XXX response code would immediately mark it as invalid
- You specifying the use of gzip, without actually sending it (or not specifying gzip, but actually sending it in the response) would also invalidate the webhook immediately.
If you are seeing something different in your logs than I mentioned, let me know. Also, if you want support understanding why this continues to happen, post your App ID and I can look into it a bit more.
Hope this help!
