Webhook

A webhook is an HTTP callback that one system sends to another to notify it of an event. Instead of the receiver polling for changes, the source POSTs an event payload to a URL the receiver registered ahead of time. Webhooks are the default integration mechanism between SaaS products.

How it works

The receiver registers a URL with the source (in a dashboard or via API). When an event occurs, the source POSTs a JSON payload describing the event to that URL. The receiver returns a 2xx status to acknowledge delivery. The source retries with backoff on failures, typically over several hours before giving up.

Common conventions

  • Signature header. The payload is signed (HMAC-SHA256) with a shared secret; the receiver verifies before trusting the contents. Examples: X-Stripe-Signature, X-Hub-Signature-256.
  • Event ID and idempotency. Each event carries a unique ID; receivers deduplicate on it because retries are common.
  • Versioning. The event schema may change; APIs version their payloads and let receivers pin a version.
  • Async processing. Receivers acknowledge fast and process asynchronously, since the source enforces short timeouts.
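
The signature, idempotency and async conventions above, combined in one receiver function. This is an added example, not code from any provider's SDK. It assumes a header value of the form sha256=<hex> (as carried by X-Hub-Signature-256), an event ID in a top-level "id" field, and an in-memory set and list standing in for a durable dedup store and a job queue.

```python
import hashlib
import hmac
import json


def sign(secret: bytes, raw_body: bytes) -> str:
    """Compute the 'sha256=<hex>' header value for a raw request body."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body, signature_header, secret, seen_ids, queue):
    """Return the HTTP status the receiver should send back to the source."""
    # 1. Verify the HMAC over the raw bytes exactly as received, before any
    #    JSON parsing. Re-serialising parsed JSON can change the bytes and
    #    break (or weaken) verification.
    expected = sign(secret, raw_body)
    if not signature_header or not hmac.compare_digest(
        expected.encode(), signature_header.encode()
    ):
        return 401  # missing or wrong signature: do not trust the contents

    # 2. Only now parse the payload. "id" is an assumed field name.
    try:
        event = json.loads(raw_body)
        event_id = event["id"]
    except (ValueError, KeyError, TypeError):
        return 400
    if not isinstance(event_id, str):
        return 400

    # 3. Deduplicate: a retry of an already-seen event is acknowledged with
    #    2xx so the source stops retrying, but is not processed again.
    if event_id in seen_ids:
        return 200
    seen_ids.add(event_id)

    # 4. Acknowledge fast; the real work happens later in a worker.
    queue.append(event)
    return 200


if __name__ == "__main__":
    secret = b"constructed-secret"                      # constructed sample
    body = b'{"id": "evt_1", "type": "invoice.paid"}'   # constructed sample
    seen, jobs = set(), []
    print(handle_webhook(body, sign(secret, body), secret, seen, jobs))  # first delivery
    print(handle_webhook(body, sign(secret, body), secret, seen, jobs))  # retry
    print(handle_webhook(body + b" ", sign(secret, body), secret, seen, jobs))  # altered body
    print(len(jobs))
```

The comparison uses hmac.compare_digest rather than == so that the check runs in constant time.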