When we develop complex applications, often we want to integrate third party systems such as payment gateways, sms providers and other. Some of this providers can provide the functions send push events (webhooks) to our web application, these could be the changes of state of a record on the third party system related to a record in our applications. An example is the Paypal Instant Payment Notifications which a system that notifies the merchants for event about a transaction or webhooks stripe.
A webhook event is when the provider push data to our Web Server usually is an HTTP request of type POST that carry data usually in JSON format, the post request send the data to a specific url of our website and we have to grab the data there.
During development when we work in our local development machine it's difficult to interact with incoming requests from such services because our local machine usually the web server is not public access through internet. So one tempory solution to make local web server public and simplify this task is to use an online http tunnel services such gronk which is one of the ways to expose our virtual host on public internet.
After we download install ngrok client, to map a virtual host domain such as http://eshop.localhost from our local machine to public internet we execute the following command in gronk terminal
./ngrok http -host-header eshop.localhost 80
then ngrok will generate a public url
Debugging a webhook integrations can be a challenging task but in four steps
- We can see the data structure of the webhook by collecting request with RequestBin.
- Simulate or triggers webhooks with cURL
- Test the code in our local development environment with ngrok
- Monitor API and hooks with a tool like Runscope
Securing webhooks connections
- Implement https protocol
- Add token as unique identifier ?auth=demo
- Basic Auth that you can implement on the HTTP headers of the request
- Encrypt the payload of the http request
If you need help to integrate webhooks stripe to your systems contact us.
The difference of a webhook from an API
The main difference between an API and a webhook is that if we connect with an API we request data from the web application to API in short we are polling, on the hand if we push implement a webhook integration the third party system is pushing data to an endpoint of our web applications.
Managing Web Hooks practically is creating HTTP endpoints on a server, you can configure HTTP end points that is managed through your web server (apache) + web php framework, or use one in all solution for example in Golang where HTTP server and software is written in the same language to handle webhooks