When we develop complex applications for companies, there is often a need to integrate third-party systems. These could be payment processors, SMS gateways, or other types of apps and online websites. These providers can send data streams to our app, called push events (webhooks). These events could be changes of state of a record on the third-party system that is related to a record in our application. An example of such a system is eCommerce payment processing providers, like Stripe webhooks.

What are webhooks

A webhook event is when the provider pushes data to our web server, usually as an HTTP request. The request is a POST and usually transfers data in JSON format. The POST request sends the data to a specific URL of our website, and we have to grab the data there.

During development, when we work on our local machine, it is difficult to interact with incoming requests. This is because the web server on our local development machine is usually not publicly reachable over the internet. One temporary solution that makes the local web server public and simplifies this task is an online HTTP tunnel. Installing software like ngrok is one easy way to expose our virtual host on the public internet.

After we download and install the ngrok client, to map a virtual host domain such as http://eshop.localhost from our local machine to the public internet, we execute the following command in the ngrok terminal:

./ngrok http -host-header eshop.localhost 80

Then ngrok will generate a public URL.

If you use Vagrant, you have to install ngrok on the host machine and expose the virtual machine with:

ngrok http -host-header=rewrite crm.localhost:80

Debugging Webhooks

Debugging a webhook integration can be a challenging task, but it can be broken into simple steps. Initially, we can inspect the data structure of the webhook by collecting requests with RequestBin. Then we can simulate or trigger webhooks with a tool like cURL, and to test incoming requests in a local development environment we can use ngrok to make our localhost public. Finally, we can monitor APIs and hooks with Runscope.

Securing webhooks connections

  • Implement the HTTPS protocol
  • Add a token as a unique identifier, e.g. ?auth=demo
  • Use Basic Auth, which you can implement in the HTTP headers of the request
  • Encrypt the payload of the HTTP request
  • Verify Web Signatures
  • Restrict incoming requests so that they are accepted only from a specific range of IP addresses
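
The "Verify Web Signatures" item from the list above, as an added Go example (not part of the original article and not any provider's SDK). It assumes the provider sends a Unix timestamp and a hex-encoded HMAC-SHA256 of `timestamp.body` computed with a shared secret; that layout, the sample secret and the five-minute freshness window are assumptions, so follow your provider's documentation for the real format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// maxSkew bounds how old a signed request may be (assumed replay window).
const maxSkew = 5 * time.Minute

// sign returns hex(HMAC-SHA256(secret, timestamp + "." + body)).
// The "timestamp.body" layout is an assumption, not a specific provider's format.
func sign(secret []byte, timestamp string, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(timestamp + "."))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// verify checks the signature over the raw, unparsed body and rejects stale timestamps.
func verify(secret []byte, timestamp, sigHex string, body []byte, now time.Time) error {
	ts, err := strconv.ParseInt(timestamp, 10, 64)
	if err != nil {
		return fmt.Errorf("bad timestamp: %w", err)
	}
	if age := now.Sub(time.Unix(ts, 0)); age > maxSkew || age < -maxSkew {
		return fmt.Errorf("timestamp outside %v window", maxSkew)
	}
	got, err := hex.DecodeString(sigHex)
	want, _ := hex.DecodeString(sign(secret, timestamp, body))
	if err != nil || !hmac.Equal(got, want) { // hmac.Equal compares in constant time
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() {
	secret := []byte("constructed-sample-secret") // constructed value, not a real key
	body := []byte(`{"event":"payment.succeeded","id":"evt_1"}`)
	now := time.Unix(1700000000, 0)
	ts := strconv.FormatInt(now.Unix(), 10)
	sig := sign(secret, ts, body)
	fmt.Println("valid:", verify(secret, ts, sig, body, now))
	fmt.Println("tampered:", verify(secret, ts, sig, []byte(`{"event":"refund"}`), now))
}
```

In an HTTP handler, pass the exact bytes read from the request body to `verify` before decoding the JSON, since re-serialized JSON will not match the signed bytes.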

If you need help integrating incoming webhook data streams, such as Stripe webhooks, into your system, contact us.

The difference of a webhook from an API

The main difference between an API and a webhook is that when we connect to an API, we request data from the web application to the API. In short, we are polling. On the other hand, if we implement a webhook integration, the third-party system pushes data to an endpoint of our web application.

In practice, managing webhooks means creating HTTP endpoints on a server. You can configure HTTP endpoints that exist on your application's web server (Apache) plus a PHP web framework. This kind of problem can also be handled by a microservice written in Golang, where the HTTP server and the software that handles the webhooks are written in the same language.

Some of the popular service providers that make this implementation are

  • Discord webhooks
  • GitLab webhooks
  • GitHub webhooks
  • Shopify webhooks