```
https://yourapi.com/invoices/?callback_url=https://www.external.org/events
```

con un JSON body de:

```JSON
{
    "id": "2expen51ve",
    "customer": "Mr. Richie Rich",
    "total": "9999"
}
```

luego *tu API* procesará la factura y, en algún momento después, enviará un request de callback al `callback_url` (la *API externa*):

```

 * retry policies, and contextual information.
 *
 * This exception consolidates the various SMB exception types and provides:
 * - Standardized error codes
 * - Automatic retry policies
 * - Rich contextual information
 * - Error categorization
 * - Performance metrics
 */
public class SmbOperationException extends CIFSException implements Serializable {

    private static final long serialVersionUID = 1L;

      sort(
          insertionOrder,
          new Comparator<V>() {
            @Override
            public int compare(V left, V right) {
              // The indexes are small enough for the subtraction trick to be safe.
              return indexOfEntryWithValue(left) - indexOfEntryWithValue(right);
            }

            int indexOfEntryWithValue(V value) {
              for (int i = 0; i < orderedEntries.size(); i++) {

		header.Set("X-XSS-Protection", "1; mode=block")                                // Prevents against XSS attacks
		header.Set("X-Content-Type-Options", "nosniff")                                // Prevent mime-sniff
		header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") // HSTS mitigates variants of MITM attacks

		// Previously, this value was set right before a response was sent to

 *      * response ([responseFailed])
 *        * headers ([responseHeadersStart], [responseHeadersEnd])
 *        * body ([responseBodyStart], [responseBodyEnd])
 *
 * This nesting is typical but not strict. For example, when calls use "Expect: continue" the
 * request body start and end events occur within the response header events. Similarly,
 * [duplex calls][RequestBody.isDuplex] interleave the request and response bodies.
 *

      cookieBuilder.sameSite(" a ").build()
    }

    cookieBuilder.sameSite("a").build()
  }

  @Test
  fun builderSameSite(sameSite: String = burstValues("Lax", "Strict", "UnrecognizedButValid")) {
    val cookie =
      Cookie
        .Builder()
        .name("a")
        .value("b")
        .domain("example.com")
        .sameSite(sameSite)
        .build()

   * then the effect of the function is non-existent: we serve storedPermits at exactly the same
   * cost as fresh ones (1/QPS is the cost for each). We use this trick later.
   *
   * If we pick a function that goes /below/ that horizontal line, it means that we reduce the area
   * of the function, thus time. Thus, the RateLimiter becomes /faster/ after a period of

 *  Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we
    could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to
    fail the call.

 *  Fix: Recover gracefully when a coalesced connection immediately goes unhealthy.

## Version 3.14.2

_2019-05-19_

    // an SSL context for an attacking webserver. It includes both these rogue certificates plus the
    // trusted good certificate above. The attack is that by including the good certificate in the
    // chain, we may trick the certificate pinner into accepting the rouge certificate.
    val compromisedIntermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)

   *    originating the navigation, and the subject is the page being navigated to.
   *
   * The values of this attribute determine whether this cookie is sent for cross-site calls:
   *
   *  - "Strict": the cookie is omitted when the subject URL is an embedded resource or a
   *    potentially-destructive navigation.
   *
   *  - "Lax": the cookie is omitted when the subject URL is an embedded resource. It is sent for