Guides
/
Webhooks
/
Preventing webhook infinite loops
Last updated

Preventing webhook infinite loops

It's possible that an application which subscribes to callbacks (using webhooks) might react to those callbacks by using the API to make additional changes in Smartsheet. But, consider the following scenario:

  1. App1 creates a webhook to monitor Sheet-A for changes, specifying an App-1 URL as the callbackUrl for the webhook.

  2. App-1 updates Sheet-A using the API.

  3. Smartsheet detects that Sheet-A has changed and sends a callback to App-1 (as the webhook specified).

  4. App-1 processes the callback, and in the course of doing so, updates Sheet-A again using the API.

  5. Return to Step 3.

To protect against infinite loops like the one outlined above, Smartsheet introduced support for a new header that an API client can include with any API request that adds, updates, or deletes data in Smartsheet. Here's how it works:

  • An API client includes the Smartsheet-Change-Agent header in any API request that adds, updates, or deletes data in Smartsheet.
  • The header value should be set to a string that the API client recognizes as identifying itself.
  • If any event callbacks fire as a result of an API request that contains the Smartsheet-Change-Agent header, the value of the Smartsheet-Change-Agent header is included in the callback in the value of the changeAgent attribute.
  • If a webhook subscriber receives a callback that contains the changeAgent attribute, it should evaluate the attribute value:
  • If the attribute value's comma-delimited list contains the subscriber API client's change agent value, this indicates that the change which triggered the callback was caused by the subscriber itself, and the subscriber can choose to ignore the callback, thus preventing an infinite loop.
  • Else, the change which triggered the callback was not caused by the subscriber itself, and if the subscriber is going to subsequently react to the callback by making a change in Smartsheet (via API request), the API client should append a comma and its own identifier to the original attribute value, and pass that value through using the Smartsheet-Change-Agent header of the API request. Doing so protects against cross-system infinite loops.

NOTE: The Smartsheet-Change-Agent header value has a maximum length of 512 characters. If its length exceeds 512 characters, the excess is trimmed from the front of the string, so that the most recent agent information remains.

Previous page
Next page