Intro

I’ve worked with APIs and recently used WebSockets for a project, but while I was doing research I learned about webhooks. I thought this was another arbitrary term for API, but it isn’t quite the same.

Definition

Webhooks are event-driven mechanisms to inform or send data to another system via HTTP. They’re lightweight and simple to implement.

Characteristics

Webhooks reduce polling by triggering when a specific event occurs and sending data to the clients that are concerned with it. In contrast, with a traditional HTTP API, an application needs to keep checking whether something of interest has occurred.

Since the client doesn’t know the server’s state, it has to keep asking, and that causes unnecessary requests, which are wasted compute. Webhooks alleviate this pain.
The onus to communicate is on the server, not the client: a sort of reverse client-server dynamic.

Webhooks don't replace APIs

They in fact need APIs in order for them to function, since the underlying infrastructure is the same.

Benefits

  • Eliminate the need for polling: this saves resources for the client application.
  • Quick setup: once an API is in place, it’s easy to introduce webhooks.
  • Automated data transfer: the payload is sent as soon as it’s available once an event is triggered on the server, very near real-time.
  • Ideal for lightweight payloads: the server determines the amount of data to send, and the client can make use of it however it needs.

Since the client does not control the exact timing or size of the data transfer, webhooks deal with small amounts of information between 2 endpoints, often in the form of a notification.

Set Up

To set up a webhook, the client provides the server with a URL that the server can reach, registered for a specific piece of data. The server sends a single POST request to this URL as soon as the event takes place.

Security

To secure apps that use webhooks, secret keys are added to the request header of the payload, so the client can confirm the server’s identity.
The commonly used method is Mutual Transport Layer Security (mTLS), which verifies both client and server before data transmission. In addition to that, SSL encryption is used for the webhook URL for data privacy.
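
The header check described above, sketched from the receiving side as an added example (not code from the original post). It goes one step beyond the text: instead of sending the secret key itself, the sender puts an HMAC of the timestamp and body in the header, so the key never travels with the request. The header names, secret, payload and five-minute window are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Mapping, Optional

# Hypothetical header names; each real webhook provider defines its own.
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
MAX_SKEW_SECONDS = 300  # assumed policy: reject deliveries older than 5 minutes


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over 'timestamp.body' with the shared secret."""
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: Mapping[str, str], body: bytes,
           now: Optional[float] = None) -> bool:
    """Receiver side: accept the POST only if signature and timestamp check out.

    Assumes header names arrive exactly as spelled above; normalise case first
    if your framework does not.
    """
    now = time.time() if now is None else now
    sig, ts = headers.get(SIG_HEADER), headers.get(TS_HEADER)
    if not sig or not ts:
        return False  # unsigned request: cannot be tied to the registered sender
    try:
        sent_at = int(ts)
    except ValueError:
        return False
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated delivery, e.g. a replayed request
    expected = sign(secret, ts, body)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode(), sig.encode())


def demo() -> dict:
    """Run the check on a constructed delivery (all values are made up)."""
    secret = b"constructed-demo-secret"
    body = b'{"event": "order.created", "id": 42}'
    ts = "1700000000"
    headers = {SIG_HEADER: sign(secret, ts, body), TS_HEADER: ts}
    return {
        "valid": verify(secret, headers, body, now=1700000010),
        "tampered_body": verify(secret, headers, body + b" ", now=1700000010),
        "replayed": verify(secret, headers, body, now=1700003600),
    }
```

Verify against the raw request bytes, before any JSON parsing, since re-serialising the body can change it and break the signature.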

