A key element of Gusto’s ability to serve such a wide range of customers and partners is a rich and robust API offering, at the center of which is Gusto’s webhook system.
Gusto’s partners and customers rely on its webhook service to get real time notifications, and to trigger mission critical automations. They subscribe to Gusto’s hundreds of webhook events in order to power their HR and payroll operations. Webhooks are therefore essential to Gusto's growth.
With webhooks, Gusto can instantly share reliable payroll and employee data, which drives its partners and customers to build more and more automations and integrations around Gusto, which thereby makes them rely ever more deeply on Gusto’s services.
Without webhooks, Gusto’s partners and customers would need to poll Gusto's API continuously to get the data they need to power their business. But API polling is inefficient and resource-intensive for both the API consumer and the API provider (Gusto). It leads to high operating costs and poorly performing systems, and unlike webhooks it isn’t real time, so when customer workflows are triggered between data updates, the result is errors and a terrible user experience.
Here is a quote from one of Gusto's Embedded Payroll partners:
Most critically, Gusto’s customers and partners use its webhook system to power their payroll operations, which must be 100% reliable and punctual.
For example, a webhook triggers a notification to the customer’s payroll admin to review and process the payroll. Then, when the payroll is paid, a webhook notifies the customer’s employees that their paychecks are on the way (based on the "payroll.paid" webhook).
Another mission critical use case for Gusto’s webhooks is to ensure customers can sync data between their system and Gusto. For example, events for “employee updated”, “employee terminated”, and “employee deleted” are used to ensure employee data is accurate and up to date, always in real time.
The same goes for triggering automations: to enroll a new employee in onboarding tasks, the Gusto customer would subscribe to the "employee.created" webhook.
Gusto’s webhook service is successful because they’ve implemented all the best practices laid out in the Standard Webhook specification to ensure reliability, scalability, and security.
They offer up to 16 retries with an exponential backoff schedule over 3 days in case an endpoint starts to fail, so as to give customers ample opportunity to fix their webhook receiver without losing any data. They also sign every webhook with an HMAC-SHA256 signature so that users can verify that Gusto is indeed the origin of the webhook.
Implementing a webhook service of Gusto’s quality is harder than it seems. It's easy to simply fire and forget API calls, but in order to ensure business critical messages are not lost, the engineering team needs to account for issues like noisy neighbor and thundering herd, and to ensure scalability.
The team building the webhook system must also build tools for their customers to manage and troubleshoot the webhook system, if customers are to build mission critical integrations and automations that rely on it.
The engineering team also needs to account for security vulnerabilities like replay and man-in-the-middle attacks by building robust signature schemes, so that webhook consumers can be certain the webhook messages are not forged.
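A receiver-side check in the style of the Standard Webhooks specification mentioned above, added here as an illustration and not Gusto's own code. The header names and the `whsec_` secret format follow that specification; the five-minute tolerance, the key and the payload fields are constructed assumptions.

```python
import base64
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 5 * 60  # assumed replay window; tune to your clock skew

class VerificationError(Exception):
    pass

def sign(secret, msg_id, timestamp, body):
    """Return a 'v1,<base64>' HMAC-SHA256 signature over id.timestamp.body."""
    key = base64.b64decode(secret.removeprefix("whsec_"))
    signed = f"{msg_id}.{timestamp}.".encode() + body
    digest = hmac.new(key, signed, hashlib.sha256).digest()
    return "v1," + base64.b64encode(digest).decode()

def verify(secret, headers, body, now=None):
    """Raise VerificationError unless the delivery is authentic and fresh."""
    try:
        msg_id = headers["webhook-id"]
        timestamp = int(headers["webhook-timestamp"])
        candidates = headers["webhook-signature"].split()
    except (KeyError, ValueError) as exc:
        raise VerificationError("missing or malformed headers") from exc
    # Reject stale or future-dated deliveries to bound the replay window.
    now = time.time() if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise VerificationError("timestamp outside tolerance")
    # Sign the raw request bytes, never a re-serialized JSON object.
    expected = sign(secret, msg_id, timestamp, body).encode()
    # The header may carry several space-separated signatures (key rotation);
    # compare each in constant time.
    if not any(hmac.compare_digest(expected, c.encode()) for c in candidates):
        raise VerificationError("signature mismatch")

# Constructed sample delivery, not real Gusto data.
SECRET = "whsec_" + base64.b64encode(b"constructed-demo-key-32-bytes!!!").decode()
BODY = b'{"event_type":"payroll.paid","entity_id":"demo-123"}'
SENT_AT = 1_700_000_000
HEADERS = {
    "webhook-id": "msg_demo_1",
    "webhook-timestamp": str(SENT_AT),
    "webhook-signature": sign(SECRET, "msg_demo_1", SENT_AT, BODY),
}
```

Because the message id is covered by the signature, a receiver can also store recently seen ids and drop duplicates that arrive inside the tolerance window.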
Gusto invested time and effort to ensure the reliability and scalability of their webhook service in order to power their own growth. It is evident that it was well worth it.