Webhook
A webhook is an event-driven HTTP POST that a provider sends to a consumer-supplied URL whenever a designated event occurs, such as a payment completing or a repository receiving a push; The consumer registers an HTTPS endpoint with the provider; Webhooks are essential for real-time integrations: billing events, CI/CD triggers, and CRM sync all rely on them
A webhook is an event-driven HTTP POST that a provider sends to a consumer-supplied URL whenever a designated event occurs, such as a payment completing or a repository receiving a push. Unlike polling, webhooks eliminate the need for consumers to repeatedly query for state changes.
How it works
The consumer registers an HTTPS endpoint with the provider. When the triggering event fires, the provider serializes event data as JSON and POSTs it to that endpoint. The consumer must respond with a 2xx status quickly to acknowledge receipt, deferring heavy processing to a background queue.
Key facts
- Push-based: Providers initiate the call rather than consumers polling on an interval
- Idempotency required: Providers may retry on non-2xx responses, so consumers must handle duplicate deliveries
- Signature verification: Most providers sign payloads with HMAC so consumers can reject spoofed requests
For builders
Webhooks are essential for real-time integrations: billing events, CI/CD triggers, and CRM sync all rely on them. Building robust webhook consumers means handling retries, verifying signatures, and processing events asynchronously.
Sources
- IETF. RFC 9110: HTTP Semantics. datatracker.ietf.org
- IETF. RFC 9112: HTTP/1.1. datatracker.ietf.org
- Fielding, R. (2000). Architectural Styles and the Design of Network-based Software Architectures (REST). UC Irvine. ics.uci.edu
- OWASP. API Security Top 10 (2023). owasp.org
- MDN Web Docs. HTTP reference. developer.mozilla.org
