While APIs are often called as the new standard for integrating business applications, the topic of webhooks integration seems to be largely underrepresented in the how-to guides and reference literature.
This is unfortunate, because actually, webhooks represent a powerful mechanism that allows to build event driven integrations with quite a high level of customization and functionality. So, let’s take a look at what makes webhooks so special when it comes to workflow automations, what their place in such automation scenarios is, and the different ways how webhooks can make apps talk to each other.
What is a webhook
Webhooks are one of the few methods how apps and web services can keep data in sync with each other. Moreover, a webhook allows you to trigger a specific event as an immediate, real-time response to another event – e.g. sending a push notification to your customer as soon as their order was dispatched.
This is different from how you would handle this through APIs. An API requires a target application to perform a request for data from a source application, while a webhook simply notifies the target apps when certain events occur in the source app. This makes webhooks a much faster alternative to polling for data changes at certain time intervals.
What is a webhook integration
Setting up a webhook for integrations purposes is generally very easy. It only requires configuring an ‘HTTP POST’ request on the side of the sending application. This POST request will deliver a payload data package to a URL that points to a specific API endpoint in the receiving system, or any other listener that you have defined on the webhook’s side.
This payload data contains the event data, wrapped in the request body, that can then be processed as needed by the receiving application.
Webhooks can be used in a variety of automation scenarios. Let’s say, you designed a web app that collects and processes all orders placed on a user’s Etsy account.
Rather than having this web app continuously poll the Etsy’s API, you can implement a webhook integration that would allow Etsy (aka the ‘sending’ application) to automatically push new orders into your web app (aka the ‘receiving’ application) via a registered URL as soon as they are created.
When used within the scope of automating a business workflow, webhook payload data can be transmitted not just to one, but several systems. When an event occurs in your custom-built system, e.g. a new appointment was booked, the webhook can trigger an entire workflow process across as many systems and platforms as you require, sending certain parts of transmitted data to various applications.
Things about webhook integrations to consider:
To enable webhooks integration, the receiving application must have designated URL / API endpoints on the sender’s side that would accept notifications about new events and process the POST requests. These endpoints should be readily exposed to potential webhook users so they can easily set up the respective calls to them.
Adding a response
After the POST data is processed, the URL / API endpoint can return a successful 200 response to the webhook call initiator to notify it about the status of the call. This isn’t a required step but some application providers explicitly ask for it in order to avoid wasting resources.
Stripe, for example, openly states that it will retry sending an event if a response isn’t communicated within a reasonable time. If you’re not sure whether a response is required, check the respective application’s documentation or ask their developers directly.
Securing the webhooks
Once an application is configured to receive payloads, it will listen to any payload sent to a specific endpoint. Hence, it is critical to verify that the request came from the expected sender.
There are several methods, one of which is setting up a secret token or a signature shared between the client and the server. This is widely used by many business applications, for example, Stripe, Zendesk, SendGrid.
On the elastic.io platform, we offer three different Webhook verification methods – the basic authorization with a username and password, API key and HMAC signature.
In general, though, the topic of webhook security is a complex one and deserves a special attention.
Webhooks aren’t 100% reliable; if a receiving endpoint went temporarily offline, the payload that was sent over the webhook might never reach the receiving application if there is no mechanism to retry failed data pushes.
This is why webhooks shouldn’t be the only method of data delivery to your app. Instead, you should have the so-called reconciliation strategy, i.e. the processes to pull data from the source application on a regular basis. Of course, the easiest way to do this is to use an API to support webhooks integration.
But there are other methods as well. For one, you can implement an event messaging queue such as the one provided by RabbitMQ or Amazon’s Simple Queue Service (SQS). The webhook calls will be stored in a queue, which will prevent the loss of payload data pushed by a server when the webhook or the endpoint went offline for some reason.
Other Webhook integration examples and benefits
To sum it up, webhooks are an excellent solution for application integrations scenarios that require near-real-time or real-time data updates. So much so that many web services and business applications extensively cover in their documentation how to handle webhook integrations to enable data exchange with their app.
Shopify offers webhook endpoints to help developers, for example, promptly react to any price changes or refresh inventory levels after a transaction has been completed on a store’s side. Zendesk enables webhook integrations to set up alerts in Slack when an urgent support ticket is created, or forward the details of a ticket to Asana after an issue has been handled. Or you can use webhooks with Stripe to push notifications to other apps once a payment has been processed successfully.
But automation scenarios using webhooks may go far beyond that. First, they are an ideal solution when an application doesn’t provide any API at all (which is often the case with legacy applications) or the available API isn’t the greatest fit for the job.
If you’re looking for a tool that can speed up your integrations projects and supports webhooks integration, we encourage you to contact us to discuss the details of your project and how you can leverage the elastic.io iPaaS technology.
Secondly, on elastic.io we often see the cases when developers use our webhook connector to link two or more of their automation workflows, with the webhook playing the role of a trigger for a subsequent flow.
This is usually done for one of the two reasons:
- There is a high probability that the automation workflow will grow very long and complex. By assuming the coupling role, webhooks help break down this potentially long workflow into several smaller one, which makes your integrations much easier to manage
- One and the same data processing is supposed to trigger several different automation flows (e.g. as soon as the order status is updated, there is an invoice to be issued, a mail notification to be sent, the inventory level to be changed, and a note to be created in CRM). In such a scenario, a webhook will help avoid duplicating the same series of steps in multiple flows.
To recap, implementing webhook integration is a great method to improve efficiency using real-time events and data. As such, webhooks support the modern, event driven architecture that enables businesses to adapt to changes quickly, make informed business decisions, and deliver real-time user experiences.