What is a Webhook

A webhook is an HTTP callback. Instead of your application polling an API for changes ("are there new events?"), the API sends an HTTP POST request to a URL you configure whenever an event occurs. The API pushes data to you, rather than you pulling it.

How it works

You register a callback URL with the API provider: "when a payment succeeds, POST to https://myapp.com/webhooks/stripe." When the event occurs, the API sends an HTTP POST with a JSON payload describing the event. Your server receives it, validates it (checking a signature to verify it came from the API provider, not an attacker), and processes the event.

Webhooks are fire-and-forget from the sender's perspective — but good implementations include retry logic (exponential backoff on failure) and a way to view delivery status.

Why it matters

Webhooks invert the communication model. Polling wastes resources — checking for changes every minute when events happen once a day means 1,439 wasted requests. Webhooks deliver events as they happen, with zero wasted requests. The tradeoff: your server must be reachable from the internet, you must handle retries and out-of-order delivery, and you must validate signatures to prevent spoofing.

Stripe, GitHub, Slack, Twilio, and most SaaS platforms use webhooks as their primary event notification mechanism.

See How REST Works for how webhooks complement REST APIs.

This concept appears in

How REST Works — Resources, Verbs, and Statelessness

What is a Webhook

How it works

Why it matters

Related

This concept appears in