When we develop complex web applications for enterprises, we often need to integrate a series of third-party systems from other companies. These could be payment processors, SMS gateways, and other types of apps or websites.
These providers can send data streams to our app, called push events (webhooks). Such an event could be a change of state of a record in the third-party system that relates to a record in our application.
So basically, webhooks are HTTP callbacks triggered by specific events. Whenever a trigger event occurs in the other system, it sends an HTTP request and our webhook endpoint collects it. There are many tools that a backend web developer can use to create and integrate these services.
One example of these systems in practice is eCommerce payment processing providers, such as Stripe with its webhooks.
What are webhooks
A webhook event is when the provider pushes data to our web server, usually as an HTTP request. The request is a POST and usually transfers data in JSON format. The POST request sends the data to a specific URL of our website, and we have to grab the data there.
During development on our local machine, it's difficult to interact with incoming requests. This is because our local development machine usually runs a web server that is not publicly available on the internet.
So one temporary solution to make the local web server public and simplify this task is to use an online HTTP tunnel. Installing software like ngrok is one easy way to expose our virtual host on the public internet.
After we download and install the ngrok client, to map a virtual host domain such as http://eshop.localhost from our local machine to the public internet, we execute the following command in the terminal:
./ngrok http -host-header=eshop.localhost 80
ngrok will then generate a public URL.
If you use Vagrant, you have to install ngrok on the host machine and expose the virtual machine with:
ngrok http -host-header=rewrite crm.localhost:80
Debugging a webhook integration can be challenging, but it can be broken into simple steps. First, we can inspect the data structure of the webhook by collecting requests with RequestBin. Then we can simulate or trigger webhooks with a tool like cURL, and to test incoming requests in a local development environment we can use ngrok to make our localhost public. Finally, we can monitor the API and hooks with Runscope.
Securing webhook connections
- Implement the HTTPS protocol
- Add a token as a unique identifier, e.g. ?auth=demo
- Use Basic Auth, which you can implement in the HTTP headers of the request
- Encrypt the payload of the HTTP request
- Verify webhook signatures
- Restrict incoming requests so that they are accepted only from a specific range of IP addresses
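The signature-verification item above, as an added example that is not part of the original article: a receiver-side check in Go, assuming a hypothetical scheme in which the sender transmits a Unix timestamp and hex(HMAC-SHA256(secret, timestamp + "." + raw body)). The function names, the scheme and the sample values are constructed for illustration and are not any specific provider's API.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Assumed scheme (hypothetical, not a specific provider's): the sender sends a
// Unix timestamp plus hex(HMAC-SHA256(secret, timestamp + "." + rawBody)).
var (
	ErrStale        = errors.New("timestamp malformed or outside tolerance")
	ErrBadSignature = errors.New("signature mismatch")
)

// Sign computes the MAC the sender would attach for body at Unix time ts.
func Sign(secret, body []byte, ts int64) []byte {
	mac := hmac.New(sha256.New, secret)
	fmt.Fprintf(mac, "%d.", ts) // the timestamp is covered by the MAC
	mac.Write(body)
	return mac.Sum(nil)
}

// Verify rejects old or future-dated requests (replay window), then compares
// signatures in constant time. body is the raw bytes, before JSON decoding.
func Verify(secret, body []byte, tsHdr, sigHdr string, now time.Time, tol time.Duration) error {
	ts, err := strconv.ParseInt(tsHdr, 10, 64)
	if age := now.Sub(time.Unix(ts, 0)); err != nil || age > tol || age < -tol {
		return ErrStale
	}
	got, err := hex.DecodeString(sigHdr)
	if err != nil || !hmac.Equal(got, Sign(secret, body, ts)) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed sample values
	body := []byte(`{"event":"payment.succeeded","id":"evt_demo"}`)
	now := time.Unix(1700000000, 0)
	sig := hex.EncodeToString(Sign(secret, body, now.Unix()))
	fmt.Println("valid:", Verify(secret, body, "1700000000", sig, now, 5*time.Minute))
	fmt.Println("late:", Verify(secret, body, "1700000000", sig, now.Add(time.Hour), 5*time.Minute))
}
```

In an HTTP handler, read the full request body once, call Verify on those exact bytes, and only then decode the JSON.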
If you need help integrating incoming webhook data streams, such as Stripe webhooks, into your system, contact us.
The difference between a webhook and an API
The main difference between an API and a webhook is that when we connect to an API, we request data from the web application to the API. In short, we are polling. On the other hand, if we implement a webhook integration, the third-party system pushes data to an endpoint of our web application.
In practice, managing webhooks means creating HTTP endpoints on a server. You can configure HTTP endpoints in your application's web server (Apache) plus a PHP web framework. This kind of problem could also be handled by a microservice written in Golang, where the HTTP server and the software that handles webhooks are written in the same language.
Some of the popular service providers that offer webhooks are:
- Discord webhooks
- GitLab webhooks
- GitHub webhooks
- Shopify webhooks