Webhook
A webhook is an automated message sent from one application to another when a specific event occurs. Instead of your app constantly checking 'did anything happen?', the external service pushes a notification to your app the moment something does. Webhooks power real-time integrations between services.
Example
When a customer completes a Stripe payment, Stripe sends a webhook to your app's /api/webhooks/stripe endpoint with the payment details. Your app receives this, updates the user's subscription status, and sends a confirmation email — all automatically.
Webhooks are how services communicate events in real time. If APIs are like making a phone call, webhooks are like receiving a text notification.
Polling vs Webhooks
| Polling (without webhooks) | Webhooks |
|---|---|
| "Did anything happen yet?" every 5 seconds | "Something happened!" when it happens |
| Wastes resources on empty checks | Only fires when there's an event |
| Delayed awareness | Instant notification |
| Simple to implement | Requires an endpoint |
Common Webhook Use Cases
| Service | Event | Your App Does |
|---|---|---|
| Stripe | Payment completed | Activate subscription |
| GitHub | Code pushed | Trigger deployment |
| Resend | Email bounced | Update user record |
| Clerk | User created | Set up user profile |
How Webhooks Work
- Register your endpoint — Tell the service where to send events
- Event occurs — Something happens (payment, signup, etc.)
- Service sends POST request — Webhook payload hits your endpoint
- Your app processes it — Handle the event and respond
Webhook Security
Always verify webhook signatures:
- Services sign webhooks with a secret key
- Your app verifies the signature before processing
- This prevents anyone from faking webhook events
- AI usually generates this verification code — always keep it
Common Gotchas
- Webhooks can fail — Handle retries and idempotency
- Order isn't guaranteed — Events might arrive out of sequence
- Verify signatures — Never trust unverified webhook data
- Respond quickly — Return 200 status immediately, process async
Ad
Emergent — An agentic vibe-coding platform that builds production-ready apps