refactor(webhook): event filtering to support separate query paths for event_id and object_id filters

[VenuMadhav2541]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

This PR enhances webhook event search functionality by adding selective search capabilities with single point search and object-based filtering options.

Key Features Added:

• Single Point Search: Search webhook events by specific event_id or object_id for precise event retrieval
• Object-Based Filtering: Filter events associated with specific object identifiers (Payment Intent ID, Refund ID, etc.)
• Dual Search Strategy: Intelligent routing between single event lookup and multi-event object filtering
• Enhanced API: Extended EventListConstraints with object_id and event_id parameters

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Modified Files:

• crates/api_models/src/webhook_events.rs - Added EventIdFilter variant to enum
• crates/router/src/types/transformers.rs - Implemented validation and filter separation logic
• crates/diesel_models/src/query/events.rs - Enhanced database queries with optional parameters
• crates/router/src/db/events.rs - Updated event interface trait signatures
• crates/router/src/db/kafka_store.rs - Updated KafkaStore implementation
• crates/router/src/core/webhooks/webhook_events.rs - Updated filter matching logic

Motivation and Context

Problem Solved:

• Inefficient OR Condition Search: Previous implementation used a single search method with OR condition between event_id and object_id, leading to suboptimal query performance
• Lack of Search Differentiation: No clear separation between single-point event searches and broader object-based searches
• Suboptimal Query Performance: Combined OR conditions in database queries were not utilizing proper indexes efficiently

Solution:

• Separated Search Strategies: Created distinct search paths for ObjectIdFilter vs EventIdFilter to optimize query performance
• Single Point Search: Direct event_id search now returns exactly one event as expected
• Optimized Database Queries: Enhanced queries that differentiate between primary object ID and initial attempt ID searches
• Improved API Consistency: Clear distinction between searching for a specific event vs searching for events related to an object
• Better Query Performance: Eliminated inefficient OR conditions by routing searches to appropriate specialized methods
• Backward Compatibility: Existing API usage continues to work unchanged while benefiting from improved performance

How did you test it?

• Verifying single point search with event_id:

curl --location 'http://localhost:9000/api/events/profile/list' \
--header 'Accept: */*' \
--header 'Accept-Language: en-US,en;q=0.9' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'Origin: http://localhost:9000' \
--header 'Referer: http://localhost:9000/dashboard/webhooks' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' \
--header 'X-Merchant-Id: merchant_1757947392' \
--header 'X-Profile-Id: pro_Bp8XDEMYBxHgue23rXYw' \
--header 'api-key: hyperswitch' \
--header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--header 'sec-ch-ua: "Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "macOS"' \
--header 'Cookie: security_authentication=Fe26.2**fb23b1b5932901267f6e9fb883188be7b11d73f0cd834c5b190547790ce8728a*7xUJ_lIIkvjhnFYM_LdnVg*WKXtmCCfnP8C_pdnAt2lja7ZufMpGYDKL-5-2Mr65NTRm_4J_NHrNkFFOuOh8q9dHBV3_LLRmIxtdsIJq5QgNg_DBmiBbtWgEORqmJYjV_S6ucObrUaJ_0yuVwmkAoMiPwwGMox0dt5FI9-aEHOSTTpZQFVAqgS5y37V5yIUXrW1f2I5DtlU_9LinXLAXM1bFMiaZ2ewH9a-6Jnlq4_4EIFLRat1mpcm3zQEqZYKQP8pPs8bLwiUCws6_tBfeJcK**181bf3cfacd5c70d44824056804c266d10b866349f790f0296867d9ac19403c0*nE9LGys7oBnlrVOdDAEpQzwZB84_vll4pkx8rsI4rAI; login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--data '{"event_id":"evt_300000000000000000000000000000016"}'

Response:

{
    "events": [
        {
            "event_id": "evt_300000000000000000000000000000016",
            "merchant_id": "merchant_1757947392",
            "profile_id": "pro_Bp8XDEMYBxHgue23rXYw",
            "object_id": "pay_3000005",
            "event_type": "dispute_challenged",
            "event_class": "disputes",
            "is_delivery_successful": false,
            "initial_attempt_id": "evt_300000000000000000000000000000016",
            "created": "2025-10-15T13:15:00.000Z"
        }
    ],
    "total_count": 1
}

Verifying the filter search for the object_id:

curl --location 'http://localhost:9000/api/events/profile/list' \
--header 'Accept: */*' \
--header 'Accept-Language: en-US,en;q=0.9' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'Origin: http://localhost:9000' \
--header 'Referer: http://localhost:9000/dashboard/webhooks' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' \
--header 'X-Merchant-Id: merchant_1757947392' \
--header 'X-Profile-Id: pro_Bp8XDEMYBxHgue23rXYw' \
--header 'api-key: hyperswitch' \
--header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--header 'sec-ch-ua: "Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "macOS"' \
--header 'Cookie: security_authentication=Fe26.2**fb23b1b5932901267f6e9fb883188be7b11d73f0cd834c5b190547790ce8728a*7xUJ_lIIkvjhnFYM_LdnVg*WKXtmCCfnP8C_pdnAt2lja7ZufMpGYDKL-5-2Mr65NTRm_4J_NHrNkFFOuOh8q9dHBV3_LLRmIxtdsIJq5QgNg_DBmiBbtWgEORqmJYjV_S6ucObrUaJ_0yuVwmkAoMiPwwGMox0dt5FI9-aEHOSTTpZQFVAqgS5y37V5yIUXrW1f2I5DtlU_9LinXLAXM1bFMiaZ2ewH9a-6Jnlq4_4EIFLRat1mpcm3zQEqZYKQP8pPs8bLwiUCws6_tBfeJcK**181bf3cfacd5c70d44824056804c266d10b866349f790f0296867d9ac19403c0*nE9LGys7oBnlrVOdDAEpQzwZB84_vll4pkx8rsI4rAI; login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--data '{"object_id":"pay_3000005"}'

Response:

{
    "events": [
        {
            "event_id": "evt_300000000000000000000000000000016",
            "merchant_id": "merchant_1757947392",
            "profile_id": "pro_Bp8XDEMYBxHgue23rXYw",
            "object_id": "pay_3000005",
            "event_type": "dispute_challenged",
            "event_class": "disputes",
            "is_delivery_successful": false,
            "initial_attempt_id": "evt_300000000000000000000000000000016",
            "created": "2025-10-15T13:15:00.000Z"
        },
        {
            "event_id": "evt_300000000000000000000000000000001",
            "merchant_id": "merchant_1757947392",
            "profile_id": "pro_Bp8XDEMYBxHgue23rXYw",
            "object_id": "pay_3000005",
            "event_type": "payment_succeeded",
            "event_class": "payments",
            "is_delivery_successful": true,
            "initial_attempt_id": "evt_300000000000000000000000000000001",
            "created": "2025-10-15T10:00:00.000Z"
        },
        {
            "event_id": "evt_300000000000000000000000000000005",
            "merchant_id": "merchant_1757947392",
            "profile_id": "pro_Bp8XDEMYBxHgue23rXYw",
            "object_id": "pay_3000005",
            "event_type": "payment_partially_authorized",
            "event_class": "payments",
            "is_delivery_successful": true,
            "initial_attempt_id": "evt_300000000000000000000000000000005",
            "created": "2025-09-19T14:20:00.000Z"
        },
        {
            "event_id": "evt_300000000000000000000000000000004",
            "merchant_id": "merchant_1757947392",
            "profile_id": "pro_Bp8XDEMYBxHgue23rXYw",
            "object_id": "pay_3000005",
            "event_type": "payment_cancelled",
            "event_class": "payments",
            "is_delivery_successful": false,
            "initial_attempt_id": "evt_300000000000000000000000000000004",
            "created": "2025-09-18T13:15:00.000Z"
        }
    ],
    "total_count": 4
}

Validation Test - Both filters provided simultaneously:

curl --location 'http://localhost:9000/api/events/profile/list' \
--header 'Accept: */*' \
--header 'Accept-Language: en-US,en;q=0.9' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'Origin: http://localhost:9000' \
--header 'Referer: http://localhost:9000/dashboard/webhooks' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' \
--header 'X-Merchant-Id: merchant_1757947392' \
--header 'X-Profile-Id: pro_Bp8XDEMYBxHgue23rXYw' \
--header 'api-key: hyperswitch' \
--header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--header 'sec-ch-ua: "Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "macOS"' \
--header 'Cookie: security_authentication=Fe26.2**fb23b1b5932901267f6e9fb883188be7b11d73f0cd834c5b190547790ce8728a*7xUJ_lIIkvjhnFYM_LdnVg*WKXtmCCfnP8C_pdnAt2lja7ZufMpGYDKL-5-2Mr65NTRm_4J_NHrNkFFOuOh8q9dHBV3_LLRmIxtdsIJq5QgNg_DBmiBbtWgEORqmJYjV_S6ucObrUaJ_0yuVwmkAoMiPwwGMox0dt5FI9-aEHOSTTpZQFVAqgS5y37V5yIUXrW1f2I5DtlU_9LinXLAXM1bFMiaZ2ewH9a-6Jnlq4_4EIFLRat1mpcm3zQEqZYKQP8pPs8bLwiUCws6_tBfeJcK**181bf3cfacd5c70d44824056804c266d10b866349f790f0296867d9ac19403c0*nE9LGys7oBnlrVOdDAEpQzwZB84_vll4pkx8rsI4rAI; login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--data '{"object_id":"pay_3000005", "event_id": "evt_300000000000000000000000000000016"}'

Response:

{
    "error": {
        "type": "invalid_request",
        "message": "Cannot specify both `object_id` and `event_id`. Please provide only one.",
        "code": "IR_16"
    }
}

Edge Case: Searching with event_id by selecting object_id and vice versa

curl --location 'http://localhost:9000/api/events/profile/list' \
--header 'Accept: */*' \
--header 'Accept-Language: en-US,en;q=0.9' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/json' \
--header 'Origin: http://localhost:9000' \
--header 'Referer: http://localhost:9000/dashboard/webhooks' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' \
--header 'X-Merchant-Id: merchant_1757947392' \
--header 'X-Profile-Id: pro_Bp8XDEMYBxHgue23rXYw' \
--header 'api-key: hyperswitch' \
--header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--header 'sec-ch-ua: "Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "macOS"' \
--header 'Cookie: security_authentication=Fe26.2**fb23b1b5932901267f6e9fb883188be7b11d73f0cd834c5b190547790ce8728a*7xUJ_lIIkvjhnFYM_LdnVg*WKXtmCCfnP8C_pdnAt2lja7ZufMpGYDKL-5-2Mr65NTRm_4J_NHrNkFFOuOh8q9dHBV3_LLRmIxtdsIJq5QgNg_DBmiBbtWgEORqmJYjV_S6ucObrUaJ_0yuVwmkAoMiPwwGMox0dt5FI9-aEHOSTTpZQFVAqgS5y37V5yIUXrW1f2I5DtlU_9LinXLAXM1bFMiaZ2ewH9a-6Jnlq4_4EIFLRat1mpcm3zQEqZYKQP8pPs8bLwiUCws6_tBfeJcK**181bf3cfacd5c70d44824056804c266d10b866349f790f0296867d9ac19403c0*nE9LGys7oBnlrVOdDAEpQzwZB84_vll4pkx8rsI4rAI; login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2EzZGM3MjMtNmRiNS00NDMxLTkyMGMtZmQyMTk1ZDFjMWNkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzU3OTQ3MzkyIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc2Mzg4MjIyNywib3JnX2lkIjoib3JnX3BlbHNCdE1MNU5RWG82cG5QZFlUIiwicHJvZmlsZV9pZCI6InByb19CcDhYREVNWUJ4SGd1ZTIzclhZdyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.j31nQZhMeFFgZ9pVT0w4zbNUsfOJjZpnKCm5iHtdjWw' \
--data '{"object_id": "evt_300000000000000000000000000000016"}'

Response:

{"events":[],"total_count":0}

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
crates/router/src/core/webhooks/webhook_events.rs	55% smaller
crates/router/src/types/transformers.rs	45% smaller
crates/router/src/db/events.rs	43% smaller
crates/router/src/db/kafka_store.rs	31% smaller
crates/diesel_models/src/query/events.rs	20% smaller
crates/api_models/src/webhook_events.rs	0% smaller

[codecov]

Codecov Report

❌ Patch coverage is 0% with 252 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@2be1452). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
crates/router/src/db/events.rs	0.00%	180 Missing ⚠️
crates/diesel_models/src/query/events.rs	0.00%	36 Missing ⚠️
crates/router/src/db/kafka_store.rs	0.00%	28 Missing ⚠️
crates/router/src/types/transformers.rs	0.00%	7 Missing ⚠️
crates/router/src/core/webhooks/webhook_events.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #10402   +/-   ##
=======================================
  Coverage        ?    6.46%           
=======================================
  Files           ?     1251           
  Lines           ?   311920           
  Branches        ?        0           
=======================================
  Hits            ?    20163           
  Misses          ?   291757           
  Partials        ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Aishwariyaa-Anand]

Only one of ObjectID or EventID will be ever sent, there would be no scenario where both are provided.It would be better to split this into two separate functions list_initial_events_by_merchant_id_primary_object_id and list_initial_events_by_merchant_id_initial_attempt_id

[Aishwariyaa-Anand]

Suggested change

	"Either `object_id` alone, or `event_id` alone, or one or more of \

[Aishwariyaa-Anand]

list_initial_attempts_by_merchant_id_initial_attempt_id will always give out a single event. The return type can be Option<Self> instead of Vec<Self>.

[Aishwariyaa-Anand]

can't we just check for the event_id to be equal to initial_attempt_id?