What's a webhook?

What are server webhooks and how do you use them in your application.

A Webhook is an increasingly growing Application Programming Interface (API) concept. Also known as a web callback and sometimes an HTTP Push API, a webhook is a technique of an application to offer another application(s) real-time data.

Webhook basics

A webhook delivers information to another application immediately after an event is generated, implying you receive information instantly. They are incredibly vital and resource-light methods of implementing event reactions. Nevertheless, webhooks are characterized by the difficulty of initially configuring them. A webhook is also known as a Reverse API as it offers you what amounts to API specifications and requires you to design an API for it to consume.

Consuming a webhook

First and foremost, you're required to provide the webhook provider with the URL that the requests need to be delivered. This implies that you're required to configure an URL in your application that can be accessed from the public internet. Most webhooks POST information to users in two major ways: as XML or JSON for interpretation and as form information. Both methods are fairly straightforward. A service provider is tasked with explaining how the delivery is executed.

Debugging a webhook

At times, debugging a webhook can be sophisticated because a webhook is largely asynchronous. Therefore, you need to trigger it, wait, and probe the reaction. Truly, this is a tedious and equitably inefficient method. Fortunately, there are more effective ways of doing it as outlined below:

Comprehend what is provided by the webhooks by applying resources such as RequsetBin to gather webhook requests.

  • Use tools such as cURL and Postman to mock these requests.
  • Use tools such as ngrok to assess the code on the machine.
  • Use tools such as Runscope to watch the entire flow.

Securing a webhook

To prevent people (bad actors) from offering you false data via the publicly available URLs, you must adopt these preventive techniques.

  • Affix tokens to the publicly available tokens to act as peculiar identification
  • Apply Basic Auth, a broadly supported and user-friendly technique
  • Have your provider sign all requests they make and very the signatures.

Important Gotchas

When developing webhook customers, you need to keep in mind a few things: Webhooks are designed to deliver information to applications and may cease paying attention once a request is made. This implies if a particular application is error-prone, you may end up losing the data. So, it's important to acknowledge how a webhook provider handles responses to be prepared for any error. A webhook can make myriads of responses. In the event the provider has immense events to tell, you may be required to DDoS your application. So always ensure that your app can accommodate the anticipated scale of the webhook.

Get Your Feet Wet

To understand a website, you should try it. Webhooks are applied in different services so you can try one. They are:

  • MailSlurp – delivers event information and parses emails via webhooks
  • Twilio – use a webhook to respond to text messages and phone calls
  • Github – updates apps through webhooks
  • Foursquare – use webhook to notify apps when users check in.