What is a Webhook? When to Use Webhooks?

What is a Webhook? When to Use Webhooks?

Daily short news for you

  • For a long time, I have been thinking about how to increase brand presence, as well as users for the blog. After much contemplation, it seems the only way is to share on social media or hope they seek it out, until...

    Wearing this shirt means no more worries about traffic jams, the more crowded it gets, the more fun it is because hundreds of eyes are watching 🤓

    (It really works, you know 🤭)

    » Read more

  • A cycle of developing many projects is quite interesting. Summarized in 3 steps: See something complex -> Simplify it -> Add features until it becomes complex again... -> Back to a new loop.

    Why is that? Let me give you 2 examples to illustrate.

    Markdown was created with the aim of producing a plain text format that is "easy to write, easy to read, and easy to convert into something like HTML." At that time, no one had the patience to sit and write while also adding formatting for how the text displayed on the web. Yet now, people are "stuffing" or creating variations based on markdown to add so many new formats that… they can’t even remember all the syntax.

    React is also an example. Since the time of PHP, there has been a desire to create something that clearly separates the user interface from the core logic processing of applications into two distinct parts for better readability and writing. The result is that UI/UX libraries have developed very robustly, providing excellent user interaction, while the application logic resides on a separate server. The duo of Front-end and Back-end emerged from this, with the indispensable REST API waiter. Yet now, React doesn’t look much different from PHP, leading to Vue, Svelte... all converging back to a single point.

    However, the loop is not bad; on the contrary, this loop is more about evolution than "regression." Sometimes, it creates something good from something old, and people rely on that goodness to continue the loop. In other words, it’s about distilling the essence little by little 😁

    » Read more

  • Alongside the official projects, I occasionally see "side" projects aimed at optimizing or improving the language in some aspects. For example, nature-lang/nature is a project focused on enhancing Go, introducing some changes to make using Go more user-friendly.

    Looking back, it resembles JavaScript quite a bit 😆

    » Read more

What is a Webhook?

A webhook (also known as web callback or HTTP push API) is a way for a system to provide real-time information to other systems. Webhooks deliver data to other systems based on recently occurred events, meaning you receive data immediately without the need for frequent API calls to retrieve real-time data. This makes webhooks much more efficient for both service providers and your system. The only drawback of webhooks is the initial connection setup.

What is a webhook

To help visualize, take a look at the image above comparing webhooks to APIs. While webhooks automatically receive data from the server, APIs need to repeatedly send requests to receive data.

Webhooks are sometimes referred to as "Reverse APIs" because they provide you with parameters and you must design an API for the webhook to use. The webhook will make an HTTP request to your application (usually POST) including all those parameters.

Using Webhooks

Typically, you will need to provide a URL to the webhook service provider for them to send requests to. This is usually done through a management page or an API. This also means that you need to implement a URL in your system for the webhook to call.

Most webhooks will send data back to you in either JSON (common) or XML (less common) format. The webhook provider will inform you how they deliver data through their documentation.

When to Use Webhooks?

Webhooks are widely used by major internet platforms and systems. For example, Facebook Page provides webhooks to send events such as user likes, page follows, comments, or even messages to your registered system. Similarly, Zalo provides webhooks to handle similar events on their Zalo Page.

In general, when integrating your system into another system’s infrastructure, webhooks are often the preferred method. So, when implementing integrations, it is likely you will be working with webhooks.

Security

Implementing a URL in your system to provide for webhooks makes it possible for others to find that URL and send malicious requests, causing your system to behave incorrectly. To prevent this, you can employ some security techniques. The easiest way is to provide an HTTPS URL. Additionally, you can consider the following:

  • The first and most widely supported approach to securing webhooks is to add a token to the URL, e.g. ?auth=token.
  • Another option is to implement Basic Auth, which is also widely used and straightforward to implement.
  • The first two solutions effectively prevent most webhook attacks, but they have the disadvantage of having to send authentication credentials with each request. A third option is to require the webhook service provider to sign each request they make to your system and then you verify that signature. This implementation is slightly more complex, and I will make time to write a guide on implementing this approach as a webhook service provider.

Some Considerations

There are a few things to keep in mind when providing your system's URL for use with a webhook service:

  • Webhooks deliver data to your system via an HTTP request. This means that if your system encounters errors, the webhook data delivered to you can be lost. Many webhooks will actively retry requests if they detect that your system is experiencing issues. So, be sure to carefully read the webhook service provider's documentation to understand how they handle HTTP requests to your system.
  • When events occur continuously, webhooks can make continuous HTTP requests. Make sure your system can handle this in its implementation.

Recap

Webhooks provide a way for a system to deliver real-time information to other systems, eliminating the need for frequent API calls. Most webhooks operate based on events to notify registered systems by making an HTTP request.

Currently, most major Internet service platforms provide webhooks for easy integration with your application system. Additionally, attention should be paid to the security and implementation of webhooks.

References:

Premium
Hello

The secret stack of Blog

As a developer, are you curious about the technology secrets or the technical debts of this blog? All secrets will be revealed in the article below. What are you waiting for, click now!

As a developer, are you curious about the technology secrets or the technical debts of this blog? All secrets will be revealed in the article below. What are you waiting for, click now!

View all

Subscribe to receive new article notifications

or
* The summary newsletter is sent every 1-2 weeks, cancel anytime.

Comments (2)

Leave a comment...
Avatar
Hương Trịnh3 years ago

Không cmt bằng hình ảnh được nhỉ

Reply
Avatar
Hương Trịnh3 years ago

Ad ơi bị lỗi giao diện trên mobile rồi kìa :))

Reply
Avatar
Xuân Hoài Tống2 years ago

Ok bạn ơi mình thấy rồi, thanks b

Avatar
Xuân Hoài Tống2 years ago

Đã fix rồi nha bạn