Webhooks are a means for different applications on the web to communicate with each other in real-time. They allow developers to build applications that can react to certain events happening on other applications. This makes it easier for developers to build integrations between different applications because they don't have to worry about constantly checking for updates.
A common application of Webhooks is applied in couriers/ shipments. As and when the package arrives at a warehouse or crosses some transit point, a notification automatically goes out to the receiver informing them of the updated location and estimated ETA.
Fundamentally, you can use webhooks to send data from a source to a destination by simply specifying an endpoint URL. And since Webhooks allow systems to exchange data in response to event triggers, they are key building blocks of modern web applications.
In short, Webhooks are a resource-light alternative to APIs because rather than periodically polling the application to see if there are any new updates, they rely on changes in the event state to trigger the next set of actions in a workflow.
Another advantage of webhooks is that they can be triggered by a wide variety of events, so developers can use them to build very flexible and responsive applications. For example, a webhook could be triggered when a new user signs up for a service, when a payment is made, or when a form is submitted. This makes it easy for developers to build applications that can react to changes in a variety of different systems. Many other modern web services like GitHub and Slack also make use of webhooks to communicate events.
Most of all, Webhooks are easy to create and easy to implement. Most web development frameworks such as Django, Express, Rails, and Laravel provide a way for developers to create Webhooks using their preferred programming language. Infact, even serverless frameworks like AWS Lambda and Azure Functions can listen to Webhook requests. Bottomline is, Webhooks can be used with anything that can listen & reply to HTTP requests.
So far, we’ve covered a lot about Webhooks. Now let’s try to understand what was the need for it in the first place when APIs themselves do something similar.
HTTP is based on a traditional 2-way communication architecture where a client sends a request to the server and the server responds in return. And depending on the service in question there could be plenty of to and fro of data leading to heavy load.
Webhooks work differently. They support the mechanism of 1-way communication. So depending on the use case, you can configure the server to send data to a client based on occurrence of pre-defined conditions.
Now let’s understand this in more detail by fundamentally breaking down the differences between an API and Webhook, and when either of them should be used.
In case of an API, communication is always initiated from the client’s end to the server. In technical terms, the request is initiated by the client. And in return, it expects a response from the server. An example is the Weather App on your phone where the app periodically polls the server for updated temperature data.
However, in case of a Webhook, communication is initiated by the server and data is subsequently delivered to the client. But the point to note is that the client registers itself to the server in advance.
An example is a data upload service to a backup server. In such a case, instead of polling the server for constant updates, the client can subscribe to the server and whenever certain criteria is met, the server issues a notification to the subscribed client.
Now let’s understand this with a better example. For two web applications to communicate with each other, one or the other method can be used. (Ex. considered: your friend is baking a cake and you want a piece of the pie 😋)
Bottomline is, Webhooks are automated messages sent from apps when something happens. They have a message—or payload—and are sent to a unique URL—essentially the app's phone number or address. Webhooks are almost always faster than polling and require less work at your end.
As explained earlier, for a Webhook (even API for that matter) there are two stations - a provider and a receiver. The occurrence of a particular event can trigger the Webhook provider to post the data to an end-point URL (at the receiver’s end). This end-point URL must also be accessible from the public web.
The data that is posted will usually be either in JSON or XML format as specified by the provider. And most web frameworks will support the application of Webhooks. If the web frameworks don’t, you may need to call on a function or two.
Since Webhooks are asynchronous, debugging them can get tricky. You must first trigger the webhook, wait for a couple of seconds, and then check the response. There are other workarounds involving various tools to avoid this manual effort:
This is an essential aspect of implementing Webhooks. Since the URLs are publicly available, anyone that gets hold of the end-point URL can start sending you false data. So it's extremely important to be careful, to who you reveal the URLs. Either ways its recommend to enforce TLS connections (HTTPS). You can then secure your connection by following one of the techniques:
For more advanced information related to webhooks security, you can check this link.
When configuring Webhooks, keep the following in mind:
That’s it, folks!
Webhooks and APIs are a developer-friendly approach to building modern-day web applications. Devs from around the globe, prefer to do this. And we’re happy to announce that Squadcast strongly encourages the use of Webhooks and APIs to configure/automate your Incident Response.
In the next set of blogs, I will explain how you can use our APIs and Webhooks to automate incident management workflows at your end. You will then understand how powerful Squadcast’s Developer Portal is and the capability/ flexibility of our developer ecosystem.
Stay tuned, more to follow soon!
References -