Webhook
Definition & meaning
Definition
A webhook is an HTTP callback mechanism that allows one application to send real-time data to another application whenever a specific event occurs. Unlike APIs where you poll for updates, webhooks push data automatically when triggered, making them ideal for event-driven architectures. Webhooks are widely used for payment notifications (Stripe), CI/CD triggers (GitHub), and automation workflows (n8n, Zapier).
How It Works
A webhook is an HTTP callback mechanism that allows one application to send real-time data to another when a specific event occurs. Instead of the receiving application repeatedly polling an API to check for changes (which wastes resources and introduces latency), the sending application makes an HTTP POST request to a pre-configured URL whenever the event triggers. The payload — typically JSON — contains event details (what happened, relevant data, timestamps). The receiving server processes the payload and returns a 200-level status code to acknowledge receipt. Webhook implementations include retry logic for failed deliveries (exponential backoff over hours or days), signature verification using HMAC-SHA256 to authenticate that the payload genuinely came from the expected sender, and idempotency handling to prevent duplicate processing. Some systems provide webhook logs and manual replay functionality for debugging. Event types are usually filterable so receivers only get notifications they care about.
Why It Matters
Webhooks are the backbone of event-driven architecture in modern SaaS ecosystems. They enable real-time integrations without the cost and latency of polling. When a customer completes a payment, Stripe sends a webhook. When code is pushed, GitHub sends a webhook. When an AI generation finishes, the platform sends a webhook. For developers, implementing webhook handlers is a core skill — nearly every third-party service integration relies on them. For system architects, webhooks enable loosely coupled, scalable systems where services react to events independently. Understanding webhook security (signature verification, HTTPS enforcement, payload validation) is critical to prevent spoofing and injection attacks.
Real-World Examples
Stripe webhooks notify your backend about payment events (charge succeeded, subscription canceled, dispute created) and are essential for reliable payment processing. GitHub webhooks trigger CI/CD pipelines in Jenkins, GitHub Actions, or CircleCI when code is pushed. Shopify webhooks notify fulfillment systems when orders are placed. On ThePlanetTools.ai, AI tools like Replicate use webhooks to notify your application when an asynchronous image or video generation job completes, avoiding the need to poll for results. Automation platforms like n8n, Make, and Zapier use incoming webhooks as triggers to start workflows. Slack's incoming webhooks let external services post messages to channels programmatically.