What is a Webhook and How Does it Work

What is a Webhook and How Does it Work

If you're already automating your business or just planning to, you've probably already come across this little-understood term. So, many people wonder what Webhooks are? In this material we'll tell you in as simple words as possible about what it Webhook means.

Many people know what API means today. API stands for what could be described as a special language that programs use to talk to each other. Using an API, one application can send a request to another application in order to get in response (also using the API) some required information.

What Webhook is used for

Webhook is also used so that the various systems can communicate with each other. But the "communication" here is different. This mechanism was specifically designed to simplify the procedure for notification of various events - change of settings, adding a new user, deleting messages, etc.

How Webhooks works

The principle behind Webhooks is that as soon as something happens, you're immediately notified about it. And, if in case of an API, the application that needs the information has to continuously send "has this happened yet?" type queries, with Webhooks it's just waiting for the appropriate notification. The only thing it needs is to specify what messages to send and where.

In other words, the difference between the API and Webhook is that you don't need to keep asking me if the event occurred; as soon as it does, I'll notify you. Naturally, this is a very simple description, but it captures the general principle of "Webhooks" well.

It only remains to add that the term Webhook is relatively new. It was first used in 2007 by programmer Jeff Lindsay, who developed the technology. When creating the new word, he took as a basis the term "Hook", which programmers use to describe the technology of making changes in the standard behavior of the system.

Webhooks and Apix-Drive

When building integrations between systems, we make extensive use of both APIs and Webhooks. A classic example - integration with Tilda website builder was implemented exactly with the help of "webhooks". Thanks to this, you can get notifications about the most different actions of visitors to the site you've created.

For example, as soon as a new customer leaves a request through a form, his contacts will be automatically entered in your CRM system. Webhooks are also used for integration with other website builders.

In order to establish integration with any of these services do not need to understand the underlying principles of technology Webhook. The lack of such knowledge will not prevent you to establish communication between the various systems, doing it in just a few clicks. And no third-party developers, no specialized knowledge is required.

Secure use of webhooks

If webhooks deliver data to the application via public URLs, could someone hijack those links and spoof the data? To prevent this from happening, you need to take a number of steps. The first place to start is to use HTTPS. You can go further and secure the connection even more:

  • Add tokens to URLs that act as unique identifiers.
  • Implement Basic Auth, which is also widely supported and easy to do.
  • The two solutions above work great for preventing most attacks. Their disadvantage is sending an authentication token. A third option is for the data provider to sign each request and then verify the signature. For example, GitHub signs requests in the HTTP header with an HMAC key, and Facebook uses a SHA-1 algorithm.

Important notes

There are a few important things to keep in mind when using webhooks.

Webhooks may stop responding after a data request has been delivered. This means that if an error occurs in the application, data may be lost. So to prepare for possible application crashes, figure out how the webhook provider handles responses.

If events occur frequently on the ISP side, such a load can end up crashing the application (as in a DDoS attack). Make sure that the client application is capable of handling the expected scale of requests.

Although webhooks can technically be used to transmit arrays of data, it is recommended that they be used only as a status change signal. Once the notification is received, you need to call the secure API to get the real payload. This separation increases the scalability and reliability of data processing systems.

Try your hand, the best way to understand webhook technology is to try it out.