Handling Webhook 5xx Failures: Building a Dead Letter Queue with Genesys Cloud APIs
What You Will Build
- You will build a Python service that intercepts failed webhook deliveries from Genesys Cloud, stores them in a durable queue (Dead Letter Queue), and implements a retry mechanism to re-process them.
- You will use the Genesys Cloud
/api/v2/webhooksAPI endpoints and thegenesyscloud-pythonSDK to manage webhook configurations and inspect delivery logs. - You will use Python with
httpxfor async HTTP requests andsqlite3as a lightweight persistence layer to simulate a production-grade dead letter queue.
Prerequisites
- OAuth Client Type: Confidential Client (Client Credentials Grant) or Public Client (PKCE) depending on your deployment. For this tutorial, we assume a Confidential Client running on a secure server.
- Required Scopes:
webhooks:read,webhooks:write,integration:read,integration:write. - SDK Version:
genesyscloud-pythonversion 120.0.0 or higher. - Language/Runtime: Python 3.9+.
- External Dependencies:
pip install genesyscloud-python httpx pydantic
Authentication Setup
Genesys Cloud uses OAuth 2.0 for API access. For a background service handling dead letter retries, the Client Credentials flow is the most robust pattern because it does not require user interaction and allows for long-lived, automated access.
You must configure your OAuth client in the Genesys Cloud Admin console with the webhooks scopes mentioned above.
import httpx
import json
import time
from typing import Optional
class GenesysAuth:
def __init__(self, client_id: str, client_secret: str, base_url: str = "https://api.mypurecloud.com"):
self.client_id = client_id
self.client_secret = client_secret
self.base_url = base_url
self.token: Optional[str] = None
self.token_expiry: float = 0
async def get_token(self) -> str:
"""
Retrieves an OAuth2 access token using Client Credentials grant.
Implements basic caching to avoid requesting a new token on every call.
"""
# If token exists and has not expired, return it
if self.token and time.time() < self.token_expiry:
return self.token
url = f"{self.base_url}/oauth/token"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": f"Basic {self._encode_credentials()}"
}
data = {
"grant_type": "client_credentials",
"scope": "webhooks:read webhooks:write integration:read integration:write"
}
async with httpx.AsyncClient() as client:
response = await client.post(url, headers=headers, data=data)
response.raise_for_status()
token_data = response.json()
self.token = token_data["access_token"]
# Subtract 60 seconds to ensure we refresh before actual expiry
self.token_expiry = time.time() + token_data["expires_in"] - 60
return self.token
def _encode_credentials(self) -> str:
import base64
credentials = f"{self.client_id}:{self.client_secret}"
return base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
Implementation
Step 1: Identify Failed Webhooks
Before building the retry logic, you must identify which webhooks are failing. Genesys Cloud provides a delivery log endpoint that returns the status of recent webhook attempts. You will query this endpoint to find webhooks that returned a 5xx status code from the target server.
The endpoint /api/v2/webhooks/delivery/logs allows you to filter by webhook ID and status.
import httpx
from typing import List, Dict, Any
class WebhookMonitor:
def __init__(self, auth: GenesysAuth):
self.auth = auth
self.base_url = auth.base_url
async def get_failed_deliveries(self, webhook_id: str, limit: int = 100) -> List[Dict[str, Any]]:
"""
Retrieves recent failed webhook deliveries for a specific webhook.
Filters for 5xx server errors which are candidates for retry.
"""
token = await self.auth.get_token()
url = f"{self.base_url}/api/v2/webhooks/delivery/logs"
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json"
}
params = {
"webhookId": webhook_id,
"limit": limit,
# Filter for failed attempts. Genesys logs 'failed' for 4xx/5xx.
# We will filter 5xx specifically in code for precision.
"status": "failed"
}
async with httpx.AsyncClient() as client:
response = await client.get(url, headers=headers, params=params)
if response.status_code == 401:
raise Exception("Authentication failed. Check OAuth token.")
if response.status_code == 403:
raise Exception("Forbidden. Check if OAuth client has 'webhooks:read' scope.")
response.raise_for_status()
data = response.json()
entities = data.get("entities", [])
# Filter specifically for 5xx errors from the target server
failed_5xx = []
for log in entities:
# log['responseCode'] contains the HTTP status returned by the TARGET server
if log.get("responseCode") and 500 <= int(log.get("responseCode", 0)) < 600:
failed_5xx.append(log)
return failed_5xx
Step 2: Implement the Dead Letter Queue (DLQ)
A Dead Letter Queue is a storage mechanism for messages that cannot be processed. In this context, it stores the payload of the failed webhook so it can be retried later without losing data.
We will use a simple SQLite database to persist the failed payloads. In a production environment, you might use Amazon SQS, Azure Service Bus, or RabbitMQ. The structure remains the same: store the original request body, the error response, and the timestamp.
import sqlite3
import json
from datetime import datetime
class DeadLetterQueue:
def __init__(self, db_path: str = "dlq.db"):
self.db_path = db_path
self._init_db()
def _init_db(self):
"""Initializes the SQLite database schema."""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("""
CREATE TABLE IF NOT EXISTS failed_webhooks (
id INTEGER PRIMARY KEY AUTOINCREMENT,
webhook_id TEXT NOT NULL,
original_payload TEXT NOT NULL,
error_response_code INTEGER,
error_response_body TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
retry_count INTEGER DEFAULT 0,
last_retry_at TIMESTAMP
)
""")
conn.commit()
conn.close()
def enqueue(self, webhook_id: str, payload: str, error_code: int, error_body: str):
"""Adds a failed webhook payload to the DLQ."""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("""
INSERT INTO failed_webhooks (webhook_id, original_payload, error_response_code, error_response_body)
VALUES (?, ?, ?, ?)
""", (webhook_id, payload, error_code, error_body))
conn.commit()
conn.close()
def dequeue_for_retry(self, webhook_id: str, limit: int = 10) -> List[Dict]:
"""
Retrieves failed payloads from the DLQ for retry.
Uses a locking mechanism simulation by selecting and marking as 'processing'
(in a real distributed system, use database transactions or queue consumption patterns).
"""
conn = sqlite3.connect(self.db_path)
conn.row_factory = sqlite3.Row
cursor = conn.cursor()
# Select items that have not been retried too many times (max 5 retries)
cursor.execute("""
SELECT id, webhook_id, original_payload, error_response_code, error_response_body, retry_count
FROM failed_webhooks
WHERE webhook_id = ? AND retry_count < 5
ORDER BY created_at ASC
LIMIT ?
""", (webhook_id, limit))
rows = cursor.fetchall()
items = [dict(row) for row in rows]
# In a real scenario, you would update the status here to 'processing'
# to prevent other workers from picking it up.
# For this tutorial, we will just fetch them.
conn.close()
return items
def mark_as_success(self, dlq_id: int):
"""Removes an item from the DLQ after successful retry."""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("DELETE FROM failed_webhooks WHERE id = ?", (dlq_id,))
conn.commit()
conn.close()
def increment_retry_count(self, dlq_id: int):
"""Increments the retry count for a failed item."""
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("""
UPDATE failed_webhooks
SET retry_count = retry_count + 1, last_retry_at = CURRENT_TIMESTAMP
WHERE id = ?
""", (dlq_id,))
conn.commit()
conn.close()
Step 3: Process Retries with Backoff
Now you will implement the worker that pulls items from the DLQ and attempts to resend the webhook payload to the target endpoint. You must implement exponential backoff to avoid overwhelming the target server if it is still experiencing issues.
Note: You cannot simply “re-send” the exact same HTTP request via Genesys APIs because Genesys controls the outbound connection. Instead, the standard pattern for 5xx failures in Genesys is to ensure the target endpoint is healthy. If you are building a custom integration, you might trigger a re-evaluation of the data.
However, a more robust pattern for custom retry logic is to have your own service act as the intermediate target. If you are using Genesys Webhooks directly, you cannot force a re-delivery via API. Therefore, this tutorial assumes a Hybrid Pattern: You are building a service that simulates the retry by calling the target endpoint directly from your server, effectively bypassing Genesys for the retry attempt. This is a common pattern when Genesys delivery fails but the data is critical.
Important: This requires you to know the target URL and headers of the original webhook. You can retrieve this from the Webhook configuration.
import httpx
import asyncio
from typing import Dict, Any
class RetryWorker:
def __init__(self, dlq: DeadLetterQueue):
self.dlq = dlq
async def process_retries(self, webhook_id: str, target_url: str, headers: Dict[str, str]):
"""
Pulls failed payloads from DLQ and attempts to send them to the target URL.
"""
failed_items = self.dlq.dequeue_for_retry(webhook_id, limit=5)
if not failed_items:
return
for item in failed_items:
dlq_id = item["id"]
payload = item["original_payload"]
retry_count = item["retry_count"]
# Calculate exponential backoff delay (2^retry_count seconds)
delay = 2 ** retry_count
print(f"Waiting {delay} seconds before retrying item {dlq_id}...")
await asyncio.sleep(delay)
success = await self._attempt_send(target_url, headers, payload)
if success:
print(f"Success! Removing item {dlq_id} from DLQ.")
self.dlq.mark_as_success(dlq_id)
else:
print(f"Retry failed for item {dlq_id}. Incrementing retry count.")
self.dlq.increment_retry_count(dlq_id)
async def _attempt_send(self, url: str, headers: Dict[str, str], payload: str) -> bool:
"""
Attempts to send the payload to the target URL.
Returns True if successful (2xx), False otherwise.
"""
async with httpx.AsyncClient() as client:
try:
response = await client.post(
url,
headers=headers,
content=payload,
timeout=10.0
)
# Success is defined as 2xx
return 200 <= response.status_code < 300
except httpx.RequestError as e:
print(f"Network error during retry: {e}")
return False
except Exception as e:
print(f"Unexpected error during retry: {e}")
return False
Step 4: Orchestrate the Flow
You need a main orchestrator that ties the authentication, monitoring, DLQ, and retry worker together. This script will run periodically (e.g., via cron or systemd timer) to check for failures and process retries.
import asyncio
import sys
async def main():
# Configuration
CLIENT_ID = "your_client_id"
CLIENT_SECRET = "your_client_secret"
WEBHOOK_ID = "your_webhook_id"
TARGET_URL = "https://your-target-server.com/webhook"
TARGET_HEADERS = {
"Content-Type": "application/json",
"Authorization": "Bearer your-target-token" # If required by target
}
# Initialize Components
auth = GenesysAuth(CLIENT_ID, CLIENT_SECRET)
monitor = WebhookMonitor(auth)
dlq = DeadLetterQueue("dlq.db")
worker = RetryWorker(dlq)
try:
print("Fetching failed deliveries...")
failed_logs = await monitor.get_failed_deliveries(WEBHOOK_ID)
if not failed_logs:
print("No failed deliveries found.")
return
print(f"Found {len(failed_logs)} failed deliveries.")
# Enqueue failed payloads
for log in failed_logs:
# In a real scenario, you might fetch the original payload from a separate archive
# or reconstruct it. Here, we assume we have access to the payload body from the log.
# Note: Genesys logs may truncate large payloads.
payload = log.get("requestBody", "{}")
error_code = log.get("responseCode", 500)
error_body = log.get("responseBody", "")
# Check if already in DLQ to avoid duplicates
# (Simplified check: in production, use a unique key based on log ID)
dlq.enqueue(WEBHOOK_ID, payload, error_code, error_body)
print("Processing retries...")
await worker.process_retries(WEBHOOK_ID, TARGET_URL, TARGET_HEADERS)
except Exception as e:
print(f"Error in main orchestration: {e}")
sys.exit(1)
if __name__ == "__main__":
asyncio.run(main())
Complete Working Example
Below is the complete, consolidated script. Save this as webhook_dlq_worker.py. You must replace the placeholder values with your actual Genesys Cloud credentials and webhook details.
import httpx
import json
import time
import sqlite3
import asyncio
import sys
from typing import Optional, List, Dict, Any
from datetime import datetime
# --- Authentication ---
class GenesysAuth:
def __init__(self, client_id: str, client_secret: str, base_url: str = "https://api.mypurecloud.com"):
self.client_id = client_id
self.client_secret = client_secret
self.base_url = base_url
self.token: Optional[str] = None
self.token_expiry: float = 0
async def get_token(self) -> str:
if self.token and time.time() < self.token_expiry:
return self.token
url = f"{self.base_url}/oauth/token"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": f"Basic {self._encode_credentials()}"
}
data = {
"grant_type": "client_credentials",
"scope": "webhooks:read webhooks:write integration:read integration:write"
}
async with httpx.AsyncClient() as client:
response = await client.post(url, headers=headers, data=data)
response.raise_for_status()
token_data = response.json()
self.token = token_data["access_token"]
self.token_expiry = time.time() + token_data["expires_in"] - 60
return self.token
def _encode_credentials(self) -> str:
import base64
credentials = f"{self.client_id}:{self.client_secret}"
return base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
# --- Monitoring ---
class WebhookMonitor:
def __init__(self, auth: GenesysAuth):
self.auth = auth
self.base_url = auth.base_url
async def get_failed_deliveries(self, webhook_id: str, limit: int = 100) -> List[Dict[str, Any]]:
token = await self.auth.get_token()
url = f"{self.base_url}/api/v2/webhooks/delivery/logs"
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json"
}
params = {
"webhookId": webhook_id,
"limit": limit,
"status": "failed"
}
async with httpx.AsyncClient() as client:
response = await client.get(url, headers=headers, params=params)
if response.status_code == 401:
raise Exception("Authentication failed.")
if response.status_code == 403:
raise Exception("Forbidden. Check scopes.")
response.raise_for_status()
data = response.json()
entities = data.get("entities", [])
failed_5xx = []
for log in entities:
if log.get("responseCode") and 500 <= int(log.get("responseCode", 0)) < 600:
failed_5xx.append(log)
return failed_5xx
# --- Dead Letter Queue ---
class DeadLetterQueue:
def __init__(self, db_path: str = "dlq.db"):
self.db_path = db_path
self._init_db()
def _init_db(self):
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("""
CREATE TABLE IF NOT EXISTS failed_webhooks (
id INTEGER PRIMARY KEY AUTOINCREMENT,
webhook_id TEXT NOT NULL,
original_payload TEXT NOT NULL,
error_response_code INTEGER,
error_response_body TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
retry_count INTEGER DEFAULT 0,
last_retry_at TIMESTAMP
)
""")
conn.commit()
conn.close()
def enqueue(self, webhook_id: str, payload: str, error_code: int, error_body: str):
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
# Use INSERT OR IGNORE if you have a unique constraint on log_id,
# but here we rely on simple insertion for the tutorial.
cursor.execute("""
INSERT INTO failed_webhooks (webhook_id, original_payload, error_response_code, error_response_body)
VALUES (?, ?, ?, ?)
""", (webhook_id, payload, error_code, error_body))
conn.commit()
conn.close()
def dequeue_for_retry(self, webhook_id: str, limit: int = 10) -> List[Dict]:
conn = sqlite3.connect(self.db_path)
conn.row_factory = sqlite3.Row
cursor = conn.cursor()
cursor.execute("""
SELECT id, webhook_id, original_payload, error_response_code, error_response_body, retry_count
FROM failed_webhooks
WHERE webhook_id = ? AND retry_count < 5
ORDER BY created_at ASC
LIMIT ?
""", (webhook_id, limit))
rows = cursor.fetchall()
items = [dict(row) for row in rows]
conn.close()
return items
def mark_as_success(self, dlq_id: int):
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("DELETE FROM failed_webhooks WHERE id = ?", (dlq_id,))
conn.commit()
conn.close()
def increment_retry_count(self, dlq_id: int):
conn = sqlite3.connect(self.db_path)
cursor = conn.cursor()
cursor.execute("""
UPDATE failed_webhooks
SET retry_count = retry_count + 1, last_retry_at = CURRENT_TIMESTAMP
WHERE id = ?
""", (dlq_id,))
conn.commit()
conn.close()
# --- Retry Worker ---
class RetryWorker:
def __init__(self, dlq: DeadLetterQueue):
self.dlq = dlq
async def process_retries(self, webhook_id: str, target_url: str, headers: Dict[str, str]):
failed_items = self.dlq.dequeue_for_retry(webhook_id, limit=5)
if not failed_items:
print("No items in DLQ to retry.")
return
for item in failed_items:
dlq_id = item["id"]
payload = item["original_payload"]
retry_count = item["retry_count"]
delay = 2 ** retry_count
print(f"Waiting {delay}s before retrying item {dlq_id}...")
await asyncio.sleep(delay)
success = await self._attempt_send(target_url, headers, payload)
if success:
print(f"Success! Removing item {dlq_id} from DLQ.")
self.dlq.mark_as_success(dlq_id)
else:
print(f"Retry failed for item {dlq_id}. Incrementing retry count.")
self.dlq.increment_retry_count(dlq_id)
async def _attempt_send(self, url: str, headers: Dict[str, str], payload: str) -> bool:
async with httpx.AsyncClient() as client:
try:
response = await client.post(
url,
headers=headers,
content=payload,
timeout=10.0
)
return 200 <= response.status_code < 300
except Exception as e:
print(f"Network error during retry: {e}")
return False
# --- Main Orchestration ---
async def main():
# REPLACE THESE VALUES
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
WEBHOOK_ID = "YOUR_WEBHOOK_ID"
TARGET_URL = "https://your-target-server.com/webhook"
TARGET_HEADERS = {
"Content-Type": "application/json",
# Add any authentication headers required by your target server
}
auth = GenesysAuth(CLIENT_ID, CLIENT_SECRET)
monitor = WebhookMonitor(auth)
dlq = DeadLetterQueue("dlq.db")
worker = RetryWorker(dlq)
try:
print("Fetching failed deliveries...")
failed_logs = await monitor.get_failed_deliveries(WEBHOOK_ID)
if not failed_logs:
print("No failed deliveries found.")
return
print(f"Found {len(failed_logs)} failed deliveries.")
for log in failed_logs:
payload = log.get("requestBody", "{}")
error_code = log.get("responseCode", 500)
error_body = log.get("responseBody", "")
dlq.enqueue(WEBHOOK_ID, payload, error_code, error_body)
print("Processing retries...")
await worker.process_retries(WEBHOOK_ID, TARGET_URL, TARGET_HEADERS)
except Exception as e:
print(f"Error: {e}")
sys.exit(1)
if __name__ == "__main__":
asyncio.run(main())
Common Errors & Debugging
Error: 401 Unauthorized
Cause: The OAuth token is invalid, expired, or the Client ID/Secret is incorrect.
Fix: Verify your client_id and client_secret. Ensure the OAuth client is active in Genesys Cloud. Check that the token is being refreshed before expiry.
# In GenesysAuth.get_token():
if response.status_code == 401:
print("OAuth Token Invalid. Refreshing...")
self.token = None # Force refresh
return await self.get_token()
Error: 403 Forbidden
Cause: The OAuth client does not have the required scopes.
Fix: Go to Genesys Cloud Admin > Admin > Security > OAuth Clients. Select your client and ensure webhooks:read and webhooks:write are checked.
Error: 429 Too Many Requests
Cause: You are hitting the Genesys Cloud API rate limits.
Fix: Implement retry logic with exponential backoff in the WebhookMonitor class.
# In WebhookMonitor.get_failed_deliveries():
if response.status_code == 429:
retry_after = int(response.headers.get("Retry-After", 5))
print(f"Rate limited. Waiting {retry_after} seconds...")
await asyncio.sleep(retry_after)
return await self.get_failed_deliveries(webhook_id, limit)
Error: Payload Not Found in Log
Cause: Genesys Cloud may truncate large request bodies in the delivery log.
Fix: For large payloads, consider archiving the payload at the target server before returning a 5xx error, or use a separate logging mechanism. The DLQ pattern works best when the payload is available. If the payload is truncated, you cannot retry the exact same data.