Webhooks
Integration IntermediateWhat are Webhooks?
Webhooks are automated messages sent from one application to another when a specific event occurs. Instead of your system constantly checking (“polling”) for new data, webhooks push data to you the moment something happens. They’re the difference between refreshing your email inbox every minute vs. getting instant notifications.
Webhooks are your system’s antenna for real-time data. No more polling — let the data come to you. It’s the difference between being told “the package arrived” vs. watching the door all day.
How Webhooks Work
Event Flow:
1. User makes purchase on e-commerce site
2. E-commerce platform detects "order created" event
3. Platform sends HTTP POST to your webhook URL
4. Your server receives payload, validates it
5. You process data, send 200 OK response
6. Data is in your system instantly
Webhook Payload Example
{
"event": "product.price_change",
"timestamp": "2024-01-15T10:30:00Z",
"data": {
"product_id": "SKU-12345",
"old_price": 99.99,
"new_price": 79.99,
"currency": "USD",
"url": "https://store.com/product/SKU-12345"
}
}
Webhook Security & Reliability
| Challenge | Solution |
|---|---|
| Spoofing | Verify signature (HMAC) in header |
| Downtime | Implement retry logic with exponential backoff |
| Replay attacks | Use nonces or timestamps |
| Duplicates | Idempotent processing |
# Verify webhook signature (Stripe-style)
import hmac
signature = request.headers['Stripe-Signature']
secret = 'whsec_...'
expected = hmac.new(secret, payload, 'sha256').hexdigest()
if not hmac.compare_digest(signature, expected):
abort(401)
Pro move: Set up a webhook endpoint that immediately acknowledges receipt (return 200) and processes data asynchronously. This prevents timeout errors and keeps your webhook provider happy.