In this meeting, the State Changers had an in-depth discussion about the construction of an email system and the implementation of security measures. The primary topic discussed was about the development of an email system that was similar in functionality to ConvertKit. The email system included functions for sending single-emails, sending a campaign to multiple recipients, monitoring email statuses (whether opened, clicked, unopened, or bounced), storing emails and their statuses in a database, and using webhooks to get updates on email events.
An important technique mentioned was using Postmark to implement an email system, where each email dispatch would get a Postmark ID that would be stored in a database. The State Changer discussed about storing email event data as raw JSON from Postmark's original data and then extracting relevant information (user details, message ID etc.) using webhooks. The conversation then switched to security, where the State Changers discussed the need to restrict access to their webhooks to prevent DDoS attacks or other malicious activity. They proposed the use of custom headers and the Xano tool to confirm the existence of a particular header. The State Changer stressed the importance of alerting users when webhooks received data with a bad API key and logging these events as suspicious. They discussed a concept of an "if function" rather than a "precondition," as well as the importance of decomposing preconditions for greater control. Lastly, they emphasized the importance of creating a backup system in the event of webhook failure, suggesting manual intervention, and eventually, an automated process (background task or a cron job) to handle such scenarios. Key technologies or products mentioned are: Accumulator Variables, Postmark, Xano, API keys, Webhooks, Cron Jobs (Background tasks), JSON. The participants also touched base on topics like Cybersecurity, DDoS prevention, and Data Management. Overall, the meeting provided valuable insights into the process and considerations when developing an email system and securing webhooks.
(Source: Office Hours 1/25 )
