One of the teams in my previous role built a webhook which sends a request to the proposed endpoint from the subscribed external client if certain events happen in the application. One of the requirements is if the webhook fails to send request to the proposed endpoint, it will send an email notification to the client’s nominated email address.
The team that built it includes the whole stack trace of the error in the email notification to the client. This got picked up during the demo and my team suggested to only include the error message without the full stack trace. There are a few reasons why it is a bad idea to include the full stack trace in email notification sent to external client.
- The stack trace includes lots of technical details that the client likely does not care.
- It’s not particularly useful to the clients since they cannot really do much about it. The error message is enough.
- The stack trace exposes technical details of the application which we might not want the clients to know.
