
In web development, a webhook is a method of augmenting or altering the behavior of a web page or web application with custom callbacks. These callbacks may be maintained, modified, and managed by third-party users who need not be affiliated with the originating website or application. In 2007, Jeff Lindsay coined the term "webhook" from the computer programming term "hook".


Function

Webhooks are "user-defined HTTP callbacks". They are usually triggered by some event, such as pushing code to a repository, a purchase, a comment being posted to a blog, and many more use cases. When that event occurs, the source site makes an HTTP request to the URL configured for the webhook. Users can configure them to cause events on one site to invoke behavior on another. Common uses are to trigger builds with continuous integration systems or to notify bug tracking systems. Because webhooks use HTTP, they can be integrated into web services without adding new infrastructure.


Authenticating the webhook notification

When the client (the originating website or application) makes a webhook call to the third-party user's server, the incoming POST request should be authenticated to avoid a spoofing attack and its timestamp verified to avoid a replay attack. Different techniques to authenticate the client are used:

* HTTP basic authentication can be used to authenticate the client.
* The webhook can include information about what type of event it is, and a shared secret or digital signature to verify the webhook.
* An HMAC signature can be included as an HTTP header. GitHub, Stripe and Facebook use this technique.
* Mutual TLS authentication can be used when the connection is established. The endpoint (the server) can then verify the client's certificate.

The sender may choose to keep a constant list of IP addresses from which requests will be sent. This is not a sufficient security measure on its own, but it is useful for when the receiving endpoint is behind a firewall or NAT.
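
The following receiver-side check is an added example, not code from the original page or from any provider named above. It combines the HMAC signature technique with the timestamp verification described in this section. The signed string layout ("<timestamp>.<raw body>"), the 300-second window, and the names `sign`, `verify` and `seen` are assumptions made for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window, not taken from the page


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret, body, timestamp, signature, now=None, seen=None):
    """Receiver side: return (accepted, reason) for one incoming POST."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    if abs(now - sent_at) > TOLERANCE_SECONDS:
        return False, "stale timestamp"
    # The timestamp is inside the MAC, so it cannot be refreshed by an
    # attacker who replays a captured body and signature.
    expected = sign(secret, timestamp, body)
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
        return False, "bad signature"
    # Optional cache of accepted signatures blocks replays inside the window.
    if seen is not None:
        if signature in seen:
            return False, "replayed"
        seen.add(signature)
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample values
    body = b'{"event":"push","id":42}'
    ts = str(int(time.time()))
    sig = sign(secret, ts, body)
    seen = set()
    print(verify(secret, body, ts, sig, seen=seen))          # genuine delivery
    print(verify(secret, body, ts, sig, seen=seen))          # exact replay
    print(verify(secret, body + b" ", ts, sig))              # tampered body
```

The signature must be computed over the raw request bytes as received; re-serializing parsed JSON before verifying can change the bytes and cause genuine deliveries to fail.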


See also

* Application programming interface
* Open API
* Mashup (web application hybrid)



External links


Working with Webhooks