Unpopular Opinion: Most Webhook Implementations Are Dangerously Half-Baked


Source: DEV Community

There. I said it. After reviewing dozens of Rails codebases over the years, I've come to an uncomfortable conclusion: webhook implementations are almost universally treated as an afterthought. We copy-paste a Stripe tutorial, slap a before_action :verify_signature on a controller, and call it production-ready. It's not.

The "Just Receive It" Mentality Is Costing Us

Ask most developers what their webhook setup looks like and you'll hear some version of: "Oh, we have an endpoint that Stripe hits and we process the event." That's it. No mention of retry handling. No idempotency. No audit trail. Definitely no outbound webhooks.

This matters because real production systems are almost never one-directional. You receive events from Stripe, yes — but you're also probably sending events to your partners, your analytics pipeline, your fulfillment vendor. That outbound flow gets built as a hastily assembled HTTParty.post buried in an ActiveRecord callback somewhere. And then it silently fails on a
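
The gap described above, between a bare signature check and a receiver that also handles retries, idempotency and an audit trail, shown as an added Ruby example that is not code from the original post. The WebhookReceiver class, the "timestamp.body" HMAC-SHA256 signing scheme, the 300-second tolerance and the in-memory stores are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Added example (hypothetical class, not from the post): a receiver that pairs the
# signature check with a replay window, idempotency and an audit trail.
# Assumed scheme: the sender signs "<timestamp>.<raw body>" with HMAC-SHA256.
class WebhookReceiver
  TOLERANCE = 300 # seconds a signed timestamp stays acceptable

  attr_reader :audit_log

  def initialize(secret, clock: -> { Time.now.to_i })
    @secret = secret
    @clock = clock
    @seen = {}      # processed event ids; a unique DB index in a real app
    @audit_log = [] # one entry per delivery, whatever the outcome
  end

  def self.sign(secret, timestamp, body)
    OpenSSL::HMAC.hexdigest("SHA256", secret, "#{timestamp}.#{body}")
  end

  # Returns :processed, :duplicate, :failed, :stale or :bad_signature.
  # A controller would answer 2xx for the first two and 5xx for :failed (so the
  # sender retries); the rest are rejected with 4xx.
  def receive(body, timestamp, signature, &handler)
    outcome = classify(body, timestamp, signature, handler)
    @audit_log << { at: @clock.call, outcome: outcome, bytes: body.bytesize }
    outcome
  end

  private

  def classify(body, timestamp, signature, handler)
    expected = self.class.sign(@secret, timestamp, body)
    # Verify over the raw bytes, in constant time, before parsing anything.
    return :bad_signature unless OpenSSL.secure_compare(expected, signature.to_s)
    return :stale if (@clock.call - timestamp.to_i).abs > TOLERANCE

    event = JSON.parse(body)
    id = event.fetch("id")
    return :duplicate if @seen.key?(id) # sender retry: acknowledge, do not re-run
    handler&.call(event)
    @seen[id] = true # marked only after the handler succeeds
    :processed
  rescue StandardError
    :failed # not marked seen, so the sender's retry is processed again
  end
end
```

In a Rails controller the body passed in must be the raw request body, not re-serialized params, or the HMAC will not match.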