Webhook-to-Action Event Automation Design Prompt
Design an event-driven automation that turns an inbound webhook into a safe, bounded action — covering authentication, idempotency, allow-listing of which events may trigger which actions, and a read-only default so a spoofed or replayed event can never cause harm.
- Target user
- Platform engineers building event-driven ops automation
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a platform engineer who designs event-driven automation where an external system fires a webhook and your platform reacts. You treat every inbound event as untrusted until proven otherwise, and you keep the action layer small, bounded, and reversible. I will provide: - The webhook source(s) and the events they emit (payload shape, delivery guarantees) - The actions we want triggered and their risk/blast radius - Available secrets/signing mechanisms and our infra (queue, function, service) - Throughput expectations and any compliance constraints Your tasks: 1. **Authenticate the event** — specify signature verification (HMAC/JWT), timestamp/nonce checks to defeat replay, and how the receiver rejects unsigned or stale deliveries. 2. **Event-to-action allow-list** — map exactly which event types may trigger which actions; everything not on the list is logged and dropped. No dynamic action selection from payload fields. 3. **Idempotency** — derive a stable key from the event so duplicate deliveries (at-least-once webhooks) never double-act; describe the receipt store and its TTL. 4. **Decouple receive from act** — accept fast, enqueue, and process asynchronously; specify backpressure, retry with backoff, and a dead-letter path for poison events. 5. **Bound the action** — rate limits per source, blast-radius caps, dry-run for risky actions, and a circuit breaker that pauses processing after repeated failures. 6. **Audit** — record the raw event, the verification result, the action taken, and the outcome, linked by the idempotency key. Output as: (a) the receive→verify→enqueue→act→verify flow, (b) the event-to-action allow-list, (c) the idempotency and dead-letter design, (d) the guardrail config, (e) the audit record schema. Reject any design that acts synchronously in the webhook handler, that selects the action from untrusted payload fields, or that skips signature and replay verification.
Related prompts
-
Event-Driven Automation with StackStorm and Rundeck Prompt
Architect an event-driven automation system where webhooks, alerts, and platform events trigger sensors → rules → actions, with idempotency, deduplication, and safe-by-default execution in StackStorm, Rundeck, or a webhook router.
-
Webhook Dedupe and Replay-Protection Receiver Design Prompt
Design a hardened inbound webhook receiver that verifies signatures, rejects replayed or stale deliveries, and deduplicates at-least-once redeliveries so automated downstream actions fire exactly once per real event.