Retries, Poison Events, Logs & Alerts

Providers retry on non-2xx → your handler must be idempotent

Outbound provider calls: exponential backoff + jitter, capped

Repeated failures → send to dead-letter queue, alert human

Provide “reprocess” in admin tooling

Logs: include x-correlation-id, event type, orderId, provider ref; redact PII/secrets

Metrics: webhook throughput/backlog & error rate; SSE clients & drops; payment success by rail

Alerts: backlog > threshold; no Stripe events for X minutes; release failures > N/hr; unexpected drop in SSE clients

Synthetic heartbeat events trigger expected alerts

Dead-lettered events are visible and reprocessable

Handler swallowed error: raise log level; verify DB write in txn; add unit test.