DevLoom | Learn Dev Skills Faster

## What are Webhooks? Webhooks are automated messages sent from one app to another when something happens. Instead of constantly checking for updates (polling), the app sends you a notification the moment something occurs. Think of webhooks like doorbell notifications on your phone. Your doorbell does not make you constantly check if someone is at the door - it alerts you instantly when someone rings. ## How Webhooks Work 1. You tell an app (like GitHub or Stripe) your webhook URL 2. When an event happens (new commit, payment received), the app sends an HTTP POST request to your URL 3. Your server receives the data and processes it When someone stars your GitHub repo, GitHub sends a POST request to your webhook URL with details about who starred it. ## Real-World Usage **Payment Processing**: Stripe sends webhooks when payments succeed or fail. Your app updates order status automatically. **CI/CD**: GitHub sends webhooks when code is pushed. Your CI server receives it and starts building. **Communication**: Slack sends webhooks when messages are posted. Your app can respond automatically. **E-commerce**: Shopify sends webhooks for new orders, refunds, inventory changes. ## Webhooks vs Polling **Polling** (old way): - Your app checks for updates every minute - Wastes resources checking when nothing changed - Delayed - updates only noticed when you check **Webhooks** (modern way): - App notifies you instantly when something happens - No wasted requests - Real-time updates Webhooks are more efficient and faster. ## Setting Up a Webhook Create an endpoint in your Express.js application that receives POST requests. GitHub will send data to this endpoint whenever events happen. Return a 200 status to acknowledge receipt. ## Security Webhooks need security because anyone could send fake requests to your endpoint: **Signature Verification**: Services sign webhook payloads. You verify the signature to ensure it is legitimate. **HTTPS Only**: Always use HTTPS to prevent eavesdropping. **IP Whitelisting**: Only accept requests from known service IPs. Stripe provides methods to verify webhook signatures to ensure requests are legitimate. ## Common Webhook Events **GitHub**: push, pull request, issues, releases, stars **Stripe**: payment succeeded, payment failed, subscription canceled **Twilio**: SMS received, call completed **Shopify**: order created, product updated, customer created **Discord**: message posted, member joined ## Handling Webhook Failures Networks fail. Your server might be down when a webhook arrives. Handle this: **Return 200 Quickly**: Acknowledge receipt immediately, process asynchronously **Retry Logic**: Most services retry failed webhooks (with exponential backoff) **Idempotency**: Handle duplicate webhooks gracefully (services may send same webhook twice) **Logging**: Log all webhooks for debugging ## Testing Webhooks Locally Problem: Webhooks need a public URL, but you are developing locally. Solutions: - **ngrok**: Creates public URL that tunnels to localhost - **Webhook.site**: Inspect webhook payloads without code - **Postman**: Manually send test webhook requests - **Service Test Mode**: Many services have test webhooks you can trigger ## When to Use Webhooks **Use webhooks when**: - You need real-time updates - Events happen unpredictably - You want to reduce API calls **Use polling when**: - Service does not support webhooks - Updates are predictable (check every hour is fine) - Simplicity matters more than real-time ## Popular Services with Webhooks Almost every modern API supports webhooks: - Payment: Stripe, PayPal, Square - Version Control: GitHub, GitLab, Bitbucket - Communication: Slack, Discord, Twilio - E-commerce: Shopify, WooCommerce - Forms: Typeform, Google Forms (via Zapier) ## The Bottom Line Webhooks are how modern apps communicate in real-time. They are simple, efficient, and powerful. Master webhooks and you can integrate with any service that supports them. Set up a webhook endpoint, register it with a service, and start receiving real-time updates. It is that easy.