Candidate Test — Backend Developer
Brief
Build a Laravel endpoint that accepts a webhook from a fictional payments vendor (OpenAPI spec provided), validates the signed payload, persists the event to PostgreSQL, enqueues a background job to notify the corresponding SPYN user via Pusher, and exposes an idempotent admin retry endpoint.
The webhook may arrive out of order or be replayed; your design must be safe under both.
Time-box
90 minutes. Submit a zip of the Laravel project plus a README explaining design decisions.
Deliverables
- The endpoint, with HTTP signature validation.
- Database migration and Eloquent model(s).
- The background job, registered with Horizon.
- The admin retry endpoint, idempotent.
- Tests covering the success path, one duplicate-event case, and one signature-failure case.
- README with design notes.
Scoring rubric (1–5 per category)
| Category | Key risk |
|---|---|
| Data modelling | — |
| Request validation | — |
| Error handling | — |
| Queue design | — |
| Security | Yes |
| Observability | Yes |
| Code clarity | — |
| Test coverage | — |
Pass criteria
- Average ≥ 4.0, no category < 3.0, both key risks ≥ 4.0.
AI use
Permitted. Be ready to defend every design decision.