api-health-check.md

# API and Webhook Health Check Sample

This is a sanitized sample for a focused technical triage pass for API/webhook workflows.\
It is not a paid client deliverable and uses synthetic payloads only.

## Inputs

- Target URL: staging endpoint or internal test API
- Inputs: expected payload shape, auth method, retry/backoff expectation, and payload timeout behavior
- Access context: endpoint URL, request headers policy, and sample payloads
- Error logs: request/response snapshots, if available

## Scope

- One endpoint, one webhook path, one retry or timeout configuration.
- No production credentials requested in this first pass.
- Goal: isolate one reliable acceptance check and a short handoff note.

## 1-Day Triage Plan

1. Capture baseline with a single synthetic request
- request method, status code, latency, and body
- `curl` style output and response parse check
2. Map failure states
- invalid payload format
- missing/invalid signature or token
- wrong timeout/retry behavior
- queue/backpressure mismatch
3. Validate idempotency and duplicate handling
- repeated request behavior
- dedupe key checks and side-effects
4. Capture a reproducible diagnostic
- request script
- response assertions
- expected next action for owner

## Handoff Artifact (single-file)

```text
input: endpoint + payload + auth token strategy
check: status/response assertions
script: test curl examples + verification command
result: pass/fail + residual risk
risk: stale cache, auth expiry, production-only path
```

## Example Script Snippet

```bash
# basic smoke check
curl -sS -X POST \
-H 'Content-Type: application/json' \
-H 'X-Hook-Token: changeme' \
-d '{"event":"order.updated","id":"ord_123","status":"paid"}' \
'https://staging.example.com/webhooks/orders' \
| jq .
```

## Acceptance Check

- Request returns stable 2xx or explicit contract-safe non-2xx behavior.
- Payload parser accepts expected fields and rejects malformed payloads with clear error messages.
- Retry/duplicate behavior is documented with expected idempotency outcome.
- Final handoff includes one exact command to rerun + one residual risk item.

## Evidence Style

- Keep raw logs in a snippet block.
- Record expected vs actual status for each test vector.
- Never include secrets in logs or artifacts.

## Handoff Output

- Request/response matrix
- Retry decision (keep/stop/retry)
- Concrete fix path for implementation pass 2
- Clear owner-facing checklist for the production rollout