Proposal: <podcast:events> tag, enabling podcast publishers to receive unforgeable inbound events from other entities in the open podcast ecosystem #471
Replies: 19 comments 13 replies
-
I foresee some feet-dragging for app-developers to support this, but I do really like the idea and see a ton of potential for it! I have a few thoughts for potential improvement.
I could see such a webhook receiving all kinds of information (not necessarily that these are the best ways to send such information, but this is only for brainstorming), whenever:
|
Beta Was this translation helpful? Give feedback.
-
This seems quite close in functionality to NPR's RAD proposal, and I wonder whether it's worth reviewing that for ideas and gotchas of how it was proposed there. Particularly, the opportunity to request the app to "tell me if this point was played" was helpful for program research and potentially for ad delivery. Improvements on it are the use of signed data, and as @theDanielJLewis says, it could be extensible with a number of different ideas. I like the I would also suggest it's unlikely to get take-up in apps: unless a) someone pays them to implement it; or b) someone associated with this proposal builds an app that we can get behind |
Beta Was this translation helpful? Give feedback.
-
Some differences between this and RAD (spec):
More context around this proposal: there has been some indications by some of the large podcast apps that they would be willing to send this listen data (which they already collect) securely to publishers in order to help raise the quality bar and prevent overbilling, but will only do it if it does not take a step back on privacy in any way. The mechanism this proposal uses was specifically chosen to be something that Apple, for example, would be willing to implement - once a consensus is reached on the payload. The auth mechanism (JWT with public JWK url sets) in particular was chosen since it's not only an industry standard these days, but also used by Apple in other callback apis where security is key (Sign-in with Apple / App Store In-app purchase callback notifications), ie their security team has already blessed something similar. |
Beta Was this translation helpful? Give feedback.
-
Re: embedding in apps, this proposal is strictly server-to-server, since each request needs to be signed with the private side of the RSA keypair. The private side would never leave the sender's servers or be embedded in a client app or website, etc. The flow would be that the app sends listen data down to their servers in the same way they do today, then periodically send it server-to-server for feeds that declare |
Beta Was this translation helpful? Give feedback.
-
After reading through everything, I wonder would this be doable as podping notifications? Same payload, but without the need for JWT since Hive does the authentication and it requires staking. Perhaps you are worried about message volume overwhelming Hive? |
Beta Was this translation helpful? Give feedback.
-
Bringing up the difference with RAD inspired a thought. This kind of webhook indicator would receive anything the app sends it. But should we consider a way for podcasts to indicate (probably in the episode JSON data) particular triggers? Like ping the webhook if X chapter is completed, or if XX:XX point is played, or if X% is played. |
Beta Was this translation helpful? Give feedback.
-
The thing is I think we want something that the app sends securely, and targeted only to the show, and the show's declared third parties. Hive would leave the listen data wide open, right? I guess there would be nothing preventing someone from starting a service that implemented the receiving side of this protocol (something DJ could do in a weekend!), got used by podcasters in their feeds, and turned around and republished that data back out to Hive or anywhere else - but it's the podcaster's choice in this case. |
Beta Was this translation helpful? Give feedback.
-
Listening to the board meeting with Dave and Adam. I like the idea of a different example rather than starting with "listens", given the almost instant "but NPR RAD, blah blah" reaction. One that seems to be a great and simple usecase is "reviews". When I get a review on a podcast in Podverse, send that review back to me using a webhook. I can absolutely build a receiver for Podnews (it would be super dumb, just capturing the info in a database) if you need a podcast using one. |
Beta Was this translation helpful? Give feedback.
-
I like this idea! I'll try to compile a quick summary of all of the great ideas from folks I've heard so far and put them in the doc, and provide ratings payload examples alongside listen info so it doesn't seem so tied to one use case. Strawman ratings item-level payload(s):Like all event payloads, fields common to all events can be included once in the top-level object instead of repeated in every item-level payload. All fields are required except the ones marked optional. Rating summaryCould be sent daily/weekly if the app doesn't want to send every rating/review. {
"kind": "rating-summary",
"asof": "2022-10-08T16:00:00.000Z",
"rating": 4.7,
"ratingScaleMin": 1,
"ratingScaleMax": 5,
"count": 955,
"episodeUrl": "<episode url that was downloaded>", // optional, only for apps that support episode-level reviews
"feedUrl": "<feed of the subject show in question>",
"userAgent": "<user agent that downloaded the episode>",
"referer": "<referer that downloaded the episode>", // optional, only applicable for webapps
} RatingFor apps willing to send every rating/review. {
"kind": "rating",
"time": "2022-10-08T16:49:00.226Z",
"rating": 4,
"ratingScaleMin": 1,
"ratingScaleMax": 5,
"review": "Hats off to Jane Doe who excels in character development and tells a great story with brilliant historical context.",
"author", "JohnDoe",
"episodeUrl": "<episode url that was downloaded>", // optional, only for apps that support episode-level reviews
"feedUrl": "<feed of the subject show in question>",
"userAgent": "<user agent that downloaded the episode>",
"referer": "<referer that downloaded the episode>", // optional, only applicable for webapps
} Update: I put these in the google doc |
Beta Was this translation helpful? Give feedback.
-
Consider what could be done with a tool like Zapier or IFTTT. Both services can offer webhooks for listening. So doing something in the podcast app could trigger a Zapier or IFTTT action. One (not necessarily recommended) example could be a system to auto-tweet whenever my show gets a new follower, and then promotes my follow page. "Someone from Cincinnati just subscribed to The Audacity to Podcast. Have you? [URL]" @johnspurlock, I have a ton of thoughts of how to best format rating and review data (since that is literally my business), but we can discuss that later. |
Beta Was this translation helpful? Give feedback.
-
The key thing about this proposal is that the requests are signed with strong encryption and need to be verified by the receiver before being processed or forwarded on. It's a way to setup an unforgeable/unspoofable channel from the podcast app -> feed owner (podcaster/podcast hosting company). So as long as first receiver (the I'm thinking that the flow would be that the podcast hosting company (or 3rd party) declared as the |
Beta Was this translation helpful? Give feedback.
-
Perhaps there could be a public key, or some simple authentication process, that podcasters could give to various apps, or else there's a central list of approved apps allowed to send payloads to the webhook URL. For example, Libsyn would already know have the signature stuff in place to authenticate anything from Podverse, Overcast, Apple Podcasts, and such. But for any fringe app or service, the podcaster needs to get a public API key from their hosting provider (or Zapier) that they provide to that app in order to give them permission to send the data. Anything gets block that comes in that's not preapproved by the webhook provider or using a key the podcaster has authorized. |
Beta Was this translation helpful? Give feedback.
-
Can we please quickly change this to "Events" is a geeky term, and I believe the intention of RSS was to maintain some level of human readability. But more important than that, I'd like us to reserve the "events" name for a different use, like allowing podcasters to promote actual events (conferences, live-streams, meetups, giveaways, promotions, deadlines, etc.) in their podcasts through a special tag. I also think we could simplify the tag by changing |
Beta Was this translation helpful? Give feedback.
-
@theDanielJLewis I'm happy to bikeshed the names later, but right now let's keep the documentation/artifacts stable while people are reading it - waiting to get feedback from a wider group of people. One thing to keep in mind is that while the tag only has one attribute today, it might have additional useful properties in the future (like the receiver's verifiable identity etc) so I wouldn't want to limit it to a single url (hence @samsethi Sending user activities down to the show is a really neat idea. This looks a lot like activitypub, but perhaps this is a quicker way to jumpstart, the publisher could always turn around and resyndicate over activitypub or whatever they like. A big advantage this proposal has over activitypub is that the events are verified to be coming from an app with a strong public identity. So apps have the incentive not to spam, since the receiver can easily decide to drop all incoming events from their app, or events of a certain type. Would love to brainstorm with you about what the payload for these user activity events would look like. How to identity a user, and keep the actions freeform enough to support verbs not yet considered. |
Beta Was this translation helpful? Give feedback.
-
Worthwhile linking to this today - a feature that I think https://wearebumper.com/blog/2023/01/16/listen-time/ I've pointed the author here, too. |
Beta Was this translation helpful? Give feedback.
-
That reminded me to bring in this prior discussion from a couple years before: #87 |
Beta Was this translation helpful? Give feedback.
-
User interest: https://twitter.com/ArunangshuGh/status/1660180929040748551 |
Beta Was this translation helpful? Give feedback.
-
@johnspurlock I thought I would see if there has been any movement in getting events off the ground? Over the last two days I have coded a test of I have published the server code (I modified the one we use for PodToo and open sourced it) I have taken into account what James said about privacy we HASH the IP address and user-agent so the IP address is not stored, and the data is only sent once when a user switched episode or exits the screen. Demo can be found at https://codepen.io/redimongo/full/BaeQyaP |
Beta Was this translation helpful? Give feedback.
-
Ok, so one of our podcast clients literally messages me today, asking how do we see our ratings. So I want to go over this by @johnspurlock who has kindly given us some guideline on how to create it. First the ratings code John suggested.
I would like to suggest some changes
Optional needs discussion: Say Podverse user JohnDoe sent the review above, because we know that the user-agent = podverse we can do a .JSON approach similar to how we check apps.json (https://github.com/opawg/user-agents-v2) we could add a field called user_profiles in user-agent-v2 (or similar) and that could be for example be like Note then podverse could do as they please either show all the reviews by JohnDoe. But also apps don't need to link the username if they don't want. (Again I would say privacy, but I also think we need to acknowledge the platform that sent the review). This one would work as well, for apps that don't want to send each user review.
|
Beta Was this translation helpful? Give feedback.
-
I've been listening and thinking about several conversations in the podcast world recently, and I think it would great if we could come up with a solid way of letting podcasters receive inbound events from verifiable 3rd party actors (podcast apps, directories, other hosts) with useful information for them. For example, a way for trusted podcast apps to send unforgeable information about subscribers/play information back to the show.
Ideally, we could do this in a way similar to the other podcast namespace tags, that kept the podcast feed publisher in control, and as the source of truth, while keeping things as simple as possible and without needing preauthorization or shared secrets, or certifications, etc.
Instead of a wall of markdown here in the github issue, I've started a quick Google doc with the general overview of a system I think could work well, and am publishing it publicly to see what everyone thinks and get the conversation started:
[Google Doc] Proposal:
<podcast:events>
tag, enabling podcast publishers to receive unforgeable inbound events from other entities in the open podcast ecosystemIt's meant to be readable by anyone, so I tried to avoid rabbit-holing on a bunch of detailed example code, but there should be enough in there for folks to get the idea.
2022-10-06: Published a new skymethod/podcast-events GitHub repo with a full implementation of both the sending side and the receiving side. Also a validator to test client implementations at: https://podcast-events-validator.op3.dev/. Both linked in the proposal doc
2022-10-22: Added a new "Event batching" section about how to reduce the number of calls required to the same receiver (e.g. the same podcast hosting company) by sending events for multiple feeds in the same payload
Beta Was this translation helpful? Give feedback.
All reactions