Allow me to take a stab...
> The question is: What prevents a feed publisher from drowning the hub > or me (the subscriber) with multiple updates - maybe thousands per > second? (In real life, such things happen, you know - at least in my > life they do :) ) Can the subscriber set a limit to the number of > callbacks it wants to receive in a time frame? Or any other way that > may have been thought of of "solve" this problem. > > Basically I'm a little uncomfortable with losing control over when to > ping - but am still interested because of the enormous band width and > cpu savings of course. > Think of your callback URL like a webpage ... you can't really control how hard it's hit (hence slashdot effect, etc). You can add rate limiting in front of it if you're really worried. So a) don't subscribe to publishers you don't trust to not flood you, b) deal with it appropriately as HTTP if they do and you still want to subscribe to them. I don't think it's the hub's responsibility. > > Question 2. > Verify type - Synchronous/asynchronous - what verification is this? I > tried to look for documentation but couldn't find any. Maybe I was > looking at the wrong places so any pointers would be appreciated. Yes, > the code would tell me, but currently am trying to use this as a > "user". > To verify with the callback that it wants to receive updates. > > Question 3. > Verify token - what is this for? Is it the same verify as "Verify > type" above? > This is basically for your own verification purposes. It's not necessary. If specified it will be passed in the verification step mentioned above. > > Question 4. > HMAC secret - being optional, what does a subscriber stand to lose if > it's not specified? > Basically you stand to lose proof that each update you receive came from the hub. It's optional because you might not be worried about getting a signature on each update. The callback URL is usually not publicly known, so commonly just knowing it is proof enough. > > Many thanks in advance. > > Alok > -- Jeff Lindsay http://webhooks.org -- Make the web more programmable http://shdh.org -- A party for hackers and thinkers http://tigdb.com -- Discover indie games http://progrium.com -- More interesting things
