VWO FullStack is an Experimentation and Feature Flagging platform for mobile apps and backend services. You can test and rollout/rollback features using VWO FullStack. All of this functionality is available with zero performance impact via easy-to-use SDKs. It allows you to test the algorithms, recommendation engines, subscription flows, etc.
Here are a couple of improvements that have been done in VWO FullStack.
1. Reducing the time taken for tracking metrics in PHP SDK
In VWO FullStack, the different APIs need to be triggered to perform different actions and SDK internally sends tracking requests to VWO to track the visitors and goals data in VWO. The tracking calls are triggered in a synchronous manner in the PHP programming language where the requests are sent to the VWO server and SDK waits for its completion before it returns anything.
For example, in PHP SDK, when the Activate API is triggered, the visitor tracking call is initiated synchronously, that is a request is sent to the VWO server and SDK waits for its completion before it returns anything. This whole process of sending the request from the SDK to the VWO server and then getting it back causes a delay. The total execution time of such APIs can be approximately 150ms due to the blocking nature of network calls and this number varies based on your servers’ location.
Now, we have provided the support for tracking calls in our PHP SDK which will send a network call to the VWO server and will not wait for its response. This will reduce the execution time of the APIs which tracks data to approximately 50 ms (majorly the Connect Time + SSL handshake time) which is almost one-third of the earlier response time. We use Google global load balancer which has Points of Presence (PoPs) in more than 90 locations to make sure that the Connectand SSL handshake time is minimum across the globe.
Note: Please use the latest version (1.11.0) of PHP SDK to use the above feature.
2. Secure your webhooks with API key-based authentication
While setting up a public endpoint that can accept campaign settings update notifications, you would want to secure your webhook to make sure that the notifications are coming from VWO and not from any third-party service which might be trying to manually trigger the VWO configured webhook.
Now, while configuring the webhook, you can secure it by generating a secret key which will be sent in the x-vwo-auth header of the POST request by VWO. You can then compare this key at your end to authenticate that the requests are sent by VWO and not by any other third-party service. In case you want to generate a new key for the webhook, you can do that from the VWO app.
Note: Make sure to keep your webhook secret key secure and private.
This feature will be available to all the accounts for which Webhooks is enabled. To learn more about it, you can refer to this Knowledge Base Article.