fix(integrations): Make webhook sentry_headers stable across calls

Cache the AppPlatformEvent.sentry_headers property so the Request-ID,
timestamp, and signature are generated once per event. Previously the property
recomputed them on each access, so the values logged to the webhook request
buffer / debug UI differed from those actually sent, misleading developers
debugging deliveries.

Co-Authored-By: Claude <noreply@anthropic.com>

Author: billyvg

src/sentry/sentry_apps/api/serializers/app_platform_event.py

@@ -1,5 +1,6 @@
 from collections.abc import Mapping
 from enum import StrEnum
+from functools import cached_property
 from time import time
 from typing import Any, TypedDict
 from uuid import uuid4
@@ -89,12 +90,15 @@ def body(self) -> str:
             )
         )
 
-    @property
+    @cached_property
     def sentry_headers(self) -> dict[str, str]:
         """Headers Sentry sets on every webhook request.
 
         These are the only headers recorded in the request buffer / debug UI:
         custom webhook headers may carry secrets and must never be logged there.
+
+        Cached so the Request-ID, timestamp, and signature are computed once and
+        stay consistent between the sent request and the logged buffer entry.
         """
         request_uuid = uuid4().hex
 

tests/sentry/sentry_apps/api/serializers/test_app_platform_event.py

@@ -134,3 +134,21 @@ def test_sentry_headers_exclude_custom_headers(self) -> None:
 
         assert "Authorization" not in result.sentry_headers
         assert result.headers["Authorization"] == "Bearer secret"
+
+    def test_sentry_headers_are_stable_across_calls(self) -> None:
+        # The Request-ID/timestamp logged to the buffer must match what was sent,
+        # so sentry_headers is computed once per event rather than per access.
+        result = AppPlatformEvent[dict[str, Any]](
+            resource=SentryAppResourceType.ISSUE,
+            action=IssueActionType.ASSIGNED,
+            install=self.install,
+            data={},
+        )
+
+        first = result.sentry_headers
+        second = result.sentry_headers
+        assert first["Request-ID"] == second["Request-ID"]
+        assert first["Sentry-Hook-Timestamp"] == second["Sentry-Hook-Timestamp"]
+        # The headers actually sent carry the same values that get logged.
+        assert result.headers["Request-ID"] == first["Request-ID"]
+        assert result.headers["Sentry-Hook-Timestamp"] == first["Sentry-Hook-Timestamp"]