Implementing Webhooks: not so trivial!

Implementing Webhooks: not so trivial!

Webhooks, we know what they are, right? You’ve probably already used some to be notified of Github commits, to react to text messages received via Twilio, or created a fulfillment for a Dialogflow chatbot to answer users. From the Webhook consumer side, it doesn’t seem complicated to code… On the server-side, is it really just a web API to implement? Hmm… maybe not! Actually, we’ll see that it might be not as simple as it first sounds ! After an introduction on the concept of Webhooks, we’ll create our own callbacks to be notified of events. Then, we’ll go on the other side of the mirror, by creating our own Webhook backend. We’ll study how to deal with client subscription queues, manage all kinds of errors, debug the webhook, handle retries to avoid flooding subscribers, or how to secure those hooks. There’s lots to cover!


Guillaume Laforge

September 17, 2019


  1. 1.

    @glaforge WEB HOOKS WEB HOOKS Not as trivial as it

    may seem Not as trivial as it may seem @glaforge
  2. 4.

    @glaforge Ask a service to notify you via an HTTP

    callback to a URL you specify when an event occur Ask a service to notify you via an HTTP callback to a URL of your choice when an event occur
  3. 7.

    @glaforge Emails • SendGrid • MailChimp Chat messages • Dialogflow

    • Intercom Payments • Stripe • BrainTree Build results • TravisCI • CircleCI Who else is using webhooks?
  4. 15.

    @glaforge Check runs Check suites Commit comments Branch / tag

    creation Branch / tag deletion Deploy keys Deployments Deployment statuses Forks Wiki Issue comments Issues Labels Collaborator Milestones Page builds Projects Project cards Project columns Visibility changes Pull requests PR reviews PR review comments Pushes Registry packages Releases Repositories Repository imports Repository vuln. alerts Stars Statuses Team adds Watches
  5. 17.

    @glaforge Develop & deploy a handler to receive POST requests

    Register the handler’s URL to the service provider Service provider sends a requests to your handler when an event occur 1 2 3 Add a webhook mechanism to a service provider 0
  6. 46.

    @glaforge Implementing Webhooks CLIENT • Reply with 200 • Reply

    fast • Ack reception and defer work to a worker queue • Calls should be idempotent • IP whitelisting • Check request signature • Take advantage of serverless solutions SERVER • Send small data payloads (re-fetch) • Timeout if client too slow • Retry with exponential backoff • Keep track of delivery with a worker queue • Batch events when too frequent • Use a dead letter queue for auditing • Use HTTPS for secured connections • Sign requests with a secret • Use proper authentication / authorization solutions
  7. 48.

    @glaforge Resources Crafting a great webhooks experience (John Sheehan)

    WebHooks: the definitive guide WebHooks: The API Strikes Back (InfoQ) Webhooks vs APIs What is a Webhooks push-style API & how does it work (ProgrammableWeb) Webhooks do’s & dont’s: what we learned after integration 100+ APIs
  8. 49.

    @glaforge Resources How & why Pusher adopted Webhooks Webhooks

    vs WebSub: Which Is Better For Real-Time Event Streaming? Webhooks, the devil is in the details How to design a webhook for my API Serverless webhooks to revolutionize the SaaS