What is Webhook and How It Works: A Simple Explanation

If the internet was a collection of barely interconnected websites that exist in vacuum chambers, there would be no need for things like webhooks or APIs. However, the modern global internet infrastructure demands efficient ways to establish communication between web applications. The simplicity of the concept that we are going to cover in this article makes it instrumental in many use cases and can be successfully used by DeFi projects and fintech companies working in DeFi.

The term was coined by an American tech enthusiast and professional programmer Jeff Lindsay who described user-defined HTTP callbacks and proposed using them for inter-app communications. The solution is simple and elegant and offers an unmatched level of flexibility to developers.

How webhook works

When an application needs to receive data or commands from external sources to execute its functionality, we can use webhooks to provide it. You don’t need to format the message using XML or JSON file types. Instead, the communication is happening over the HTTP protocol allowing for flexible, light-weight communication that effortlessly works in the contemporary web environment while allowing all sorts of applications to easily connect.

A webhook is usually a message sent from one application to another to initiate a certain action. It occurs when a certain trigger activates in the first app and sends the message over a webhook to the one that must perform a process.

Webhook in development of web applications

These instruments are often used by third-party service providers who do not want to fully integrate with another platform that provides a complimentary or base service to end users. More locally, they are often used to perform non-essential functionality like notifying bug tracking systems, sending out automated email responses, and other such activities.

Since you don’t need to build additional infrastructure to inform all sorts of behaviors on various applications, it is a good idea to implement webhooks even for continuous integration with other systems without causing any issues in communication.

Decentralized platforms also can use them to provide Web 2.0-like experience to users. For example, a DeFi protocol may use a webhook to inform users about on-chain events that can be registered and acted upon on the web application that aggregates and analyzes data. This solution offers convenience and additional functionality to many websites without the need to extensively work on the backend.

Webhook security

It is possible to create a very safe connection between applications using webhooks. Basic safety is ensured through the obscurity of the connection as each communicating party receives a unique URL generated randomly. Developers don’t need to add other security layers for most use cases, but when it comes to working with sensitive data or triggering actions that can be harmful, additional measures like encryption keys and signatures are used.

To avoid spoofing and replay attacks, all incoming requests must be authenticated. This can be achieved through several different methods:

  • HTTP provides authentication capabilities and can be used as is.
  • Digital signatures can be used to verify each webhook message.
  • HMAC signatures are often included as headers in HTTP messages.
  • Two-sided TLS authentication through an established connection is also an option.

In some cases, service providers that send out webhooks can use static IP addresses that are white-listed by receiving parties. In some cases, this simple approach to authenticating messages can be sufficient. However, responsible developers usually try to avoid this method as it is clunky and does not offer complete protection from hackers.

Webhook vs API

In many senses, these two are very similar in functionality. These are methods of establishing a connection between web applications that can be used to inform behaviors by users. However, API is a complex app that often requires just as much effort and time as any other essential component of your web app.

In the world of blockchain, API connections can be used, but many projects still prefer webhooks for their simplicity and quick integration. Since communication is mostly used to toss around on-chain data or grab information quickly, the need for deep API integration is limited.

The straightforward nature of a webhook is a significant advantage for many development teams building DeFi projects. Human resources are often limited and dedicating them to building APIs or applications that can connect to an API is incredibly wasteful from the project management perspective.

Another downside is that APIs are more expensive to run in the long run and make sense only in cases of large-scale communications handled by a massive single party.

Webhook automation

Almost all processes can be automated using webhooks. For example, Zapier, one of the most popular platforms offering easy-to-integrate webhook products, can be used for many purposes:

  1. Pulling and aggregating data from any online application.
  2. Share the contents of website forms.
  3. Create custom commands for instruments like Google Sheets and Docs.
  4. Building systems similar to smart homes with custom webhooks.

Many online services use them to build instant communication between apps that must perform an algorithm after being triggered by a command originating from an external source. Since you don’t need to manually verify commands or build additional infrastructure to use them, it is a very efficient way of automating different processes.

Webhook examples

In the crypto industry, webhooks are used everywhere and enable a powerful ecosystem with on-demand data available on all popular websites.

Here are several examples:

  • Trading automation vendors use webhooks from the TradingView platform to receive alerts and initiate algorithms. Retail crypto traders are used to manually establishing webhooks connections between their favorite automation vendors and terminals.
  • Many analytical sites like DeFiLlama aggregate data and can send it via webhooks when requested by third-party platforms. They also gather information from other places on the internet using hooks.
  • You encounter webhooks when receiving a message from a platform about a processed payment. In this case, webhooks are used to send out an email or SMS to users whose transactions have been verified with banks or blockchains.

Webhook integration

If you are interested in using webhooks to grab data from online applications in the DeFi ecosystem, it is a good idea to understand their purpose. For instance, GitHub has several different kinds of webhooks that allow users to invoke different responses from the platform and get notifications for specific components of Github. If you are interested in particular projects, using a Repository Webhook is quite useful to keep in touch with the development process.

Many retail traders and investors will greatly benefit from learning more about webhooks since they are used by the biggest analytical charting tool out there — TradingView. All automation vendors, portfolio trackers, and other providers pulling data from this terminal use webhooks to do so.

Webhook setup is a process that differs from one tool or application to another. For example, you will be using a certain framework and guidelines when working with Zapier and completely different ones for Svix. Experienced developers can easily set them up manually without using any additional instruments, but the product has been refined so well throughout the last decade that it is more efficient to simply rely on ready-made solutions.

The beauty of webhooks is that users can employ them for all sorts of purposes and even to build tiny apps grabbing information from useful sources without building a whole new application. It is a great advantage for individual users who like custom-built solutions for their endeavors like tracking portfolios manually or receiving notifications from their favorite DeFi aggregators.

What you should do in all cases is conduct a vigorous webhook testing procedure after the initial implementation since you need to make sure that the functionality works as intended every time it is used. The testing process usually takes way less time compared to establishing an API connection which can be time-consuming and costly in terms of development time.