What Is Webhook?
A webhook is an HTTP callback that automatically sends data to your server when an event occurs in another system. Instead of polling an API repeatedly, the external system pushes the update to a URL you configure.
How Webhook Works
Think of webhooks as reverse APIs. With a normal API, you ask for data. With a webhook, data comes to you. When a customer completes a Stripe payment, Stripe sends a POST request to your webhook URL with the payment details. When someone pushes to GitHub, GitHub can notify your CI/CD system via webhook.
Setting up a webhook means: (1) you create an endpoint on your server that accepts POST requests, (2) you register that URL with the external service, and (3) you verify incoming requests using signatures to prevent spoofing.
Why Developers Use Webhook
Webhooks power event-driven integrations. Stripe uses them for payment confirmations. GitHub for CI/CD triggers. Shopify for order notifications. Slack for bot interactions. Any time you need real-time notifications from a third-party service, webhooks are the answer.
Key Concepts
- Endpoint — The URL on your server that receives incoming webhook POST requests
- Payload — The JSON data sent by the external service describing the event that occurred
- Signature Verification — Cryptographic check that the webhook came from the expected sender, not an attacker
- Retry Logic — Most webhook senders retry on failure (3-5 attempts with exponential backoff)
Frequently Asked Questions
What is the difference between a webhook and an API?
An API is pull-based: you make requests to get data. A webhook is push-based: the external system sends data to you when something happens. Webhooks are more efficient because you don't waste resources polling.
How do I test webhooks locally?
Use tools like ngrok or Cloudflare Tunnel to expose your local server to the internet. Then register the tunnel URL as your webhook endpoint in the external service's dashboard.