github
Clarify that `X-GitHub-Delivery` is unique per event, not per delivery
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/webhooks/webhook-events-and-payloads#delivery-headers https://docs.github.com/en/webhooks/using-webhooks/best-practices-for-using-webhooks#use-the-x-github-delivery-header
What part(s) of the article would you like to see updated?
https://docs.github.com/en/webhooks/webhook-events-and-payloads#delivery-headers https://docs.github.com/en/webhooks/using-webhooks/best-practices-for-using-webhooks#use-the-x-github-delivery-header
Additional information
Hi there!
I was experiencing a puzzling issue for a while where were receiving two webhook event payloads with the same X-GitHub-Delivery GUID. At first, I assumed it was our infrastructure duplicating something because I assumed that all payloads from GitHub would have a unique X-GitHub-Delivery. However, upon further experimentation, I was able to create a scenario which sends two different payloads with the same X-GitHub-Delivery GUID by creating two GitHub Apps. This leads me to believe that X-GitHub-Delivery is unique per GitHub event, not unique per delivery as the documentation implies. Further, this means the guidance in this section is nuanced because there are cases where I want to handle the webhook differently based on which App is sending the event, which means excluding payloads based on X-GitHub-Delivery isn't always valid.
Below are some screenshots showing the same X-GitHub-Delivery from two different GitHub Apps.
1. I created two GitHub Apps to send webhook events to two different callback URLs.
2. This screenshot shows the same X-GitHub-Delivery GUID routed to two destinations.
Additionally, it shows unique Amazon CloudFront and Amazon Load Balancer IDs for the web request.
3. This screenshot shows the same X-GitHub-Delivery with two different app_ids.
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
@minusworld Thank you for opening this issue! I'll get this triaged for review ✨
Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert :eyes:
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
The X-GitHub-Delivery header is indeed only unique per Event and not per delivery. Is a repository had 10 apps listening to the same event, all these apps would receive the same delivery payload for that event.
cc: @skedwards88
Thanks for the confirmation, Kevin, and thanks for this detailed and clear issue @minusworld !
You or anyone else is welcome to open a PR to clarify this:
- Update the description of
X-GitHub-Deliveryin https://docs.github.com/webhooks/webhook-events-and-payloads to clarify that this ID is unique per event (not per delivery) - Update the "Use the
X-GitHub-Deliveryheader" section in the best practices article to clarify that this ID is unique per event (not per delivery)
Code of Conduct
- [x] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/webhooks/webhook-events-and-payloads#delivery-headers https://docs.github.com/en/webhooks/using-webhooks/best-practices-for-using-webhooks#use-the-x-github-delivery-header
What part(s) of the article would you like to see updated?
https://docs.github.com/en/webhooks/webhook-events-and-payloads#delivery-headers https://docs.github.com/en/webhooks/using-webhooks/best-practices-for-using-webhooks#use-the-x-github-delivery-header
Additional information
Hi there!
I was experiencing a puzzling issue for a while where were receiving two webhook event payloads with the same
X-GitHub-DeliveryGUID. At first, I assumed it was our infrastructure duplicating something because I assumed that all payloads from GitHub would have a uniqueX-GitHub-Delivery. However, upon further experimentation, I was able to create a scenario which sends two different payloads with the sameX-GitHub-DeliveryGUID by creating two GitHub Apps. This leads me to believe thatX-GitHub-Deliveryis unique per GitHub event, not unique per delivery as the documentation implies. Further, this means the guidance in this section is nuanced because there are cases where I want to handle the webhook differently based on which App is sending the event, which means excluding payloads based onX-GitHub-Deliveryisn't always valid.Below are some screenshots showing the same
X-GitHub-Deliveryfrom two different GitHub Apps.1. I created two GitHub Apps to send webhook events to two different callback URLs.
### 2. This screenshot shows the same `X-GitHub-Delivery` GUID routed to two destinations. Additionally, it shows unique Amazon CloudFront and Amazon Load Balancer IDs for the web request.
3. This screenshot shows the same
X-GitHub-Deliverywith two differentapp_ids.
