PeakLab
Back to glossary

Webhook

HTTP notification mechanism enabling an application to send real-time data to a defined URL when specific events occur.

Updated on January 27, 2026

A webhook is an event-driven communication pattern that enables an application to automatically send data to a configured URL when a specific event occurs. Unlike traditional APIs where the client regularly polls the server, webhooks reverse this flow by instantly pushing information to the recipient. This real-time HTTP notification mechanism has become a standard for modern integration between services and cloud applications.

Technical Fundamentals

  • Push-based architecture that eliminates repetitive polling and reduces notification latency
  • HTTP POST requests sent to a predefined callback URL with JSON or XML payload
  • Cryptographic signature mechanism (HMAC) to authenticate the source and ensure data integrity
  • Automatic retry management with exponential backoff in case of delivery failure

Strategic Benefits

  • Drastic reduction in server load by eliminating unnecessary polling requests
  • Real-time notifications enabling instant automated workflows
  • Enhanced scalability through decoupled event-driven architecture
  • Resource and bandwidth savings with event-only communications
  • Simplified integrations between heterogeneous systems without complex synchronization logic

Practical Implementation Example

Here's an example of an Express.js server receiving and validating a Stripe payment webhook:

webhook-handler.ts
import express from 'express';
import crypto from 'crypto';

const app = express();
const WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;

// Middleware to receive raw body (required for signature)
app.post('/webhooks/stripe',
  express.raw({ type: 'application/json' }),
  (req, res) => {
    const signature = req.headers['stripe-signature'] as string;
    
    try {
      // HMAC signature verification
      const expectedSignature = crypto
        .createHmac('sha256', WEBHOOK_SECRET)
        .update(req.body)
        .digest('hex');
      
      if (signature !== expectedSignature) {
        return res.status(401).send('Invalid signature');
      }
      
      const event = JSON.parse(req.body.toString());
      
      // Process based on event type
      switch (event.type) {
        case 'payment_intent.succeeded':
          await handlePaymentSuccess(event.data.object);
          break;
        case 'payment_intent.failed':
          await handlePaymentFailure(event.data.object);
          break;
        default:
          console.log(`Unhandled event: ${event.type}`);
      }
      
      // Quick response to avoid timeouts
      res.status(200).json({ received: true });
      
    } catch (error) {
      console.error('Webhook error:', error);
      res.status(400).send('Webhook processing failed');
    }
  }
);

async function handlePaymentSuccess(paymentIntent: any) {
  // Business logic: update order, send email, etc.
  console.log('Payment succeeded:', paymentIntent.id);
}

async function handlePaymentFailure(paymentIntent: any) {
  // Business logic: customer notification, retry logic
  console.log('Payment failed:', paymentIntent.id);
}

Recommended Implementation

  1. Define a dedicated public HTTPS URL for webhooks with a secure endpoint
  2. Implement cryptographic signature validation to authenticate each request
  3. Process webhooks asynchronously with a message queue to avoid timeouts
  4. Respond quickly (< 5 seconds) with a 200 code before any heavy business processing
  5. Implement idempotency to handle potential duplicates during automatic retries
  6. Log all received events for debugging and auditing
  7. Configure a monitoring system to detect delivery failures

Production Best Practice

Use a queue system (Redis, RabbitMQ, AWS SQS) to process webhooks asynchronously. Respond immediately with a 200 OK and process the payload in the background. This prevents timeouts from the provider who might consider your endpoint as failing and stop deliveries. Also implement a deduplication system based on event ID to handle idempotency.

Related Tools and Services

  • Ngrok or LocalTunnel to expose your endpoints locally during development
  • Webhook.site to test and inspect payloads without code
  • Svix to manage complete webhook sending infrastructure (retry, logging, customer portal)
  • Hookdeck to route, transform, and debug incoming webhooks
  • AWS EventBridge or Google Cloud Pub/Sub for distributed event-driven architectures

Webhooks form the foundation of modern event-driven architectures and SaaS integrations. Their adoption significantly reduces infrastructure costs while improving system responsiveness. In a context of growing automation and interconnected application ecosystems, mastering webhooks has become an essential skill for building scalable and reactive applications that meet users' expectations for instantaneity.

Themoneyisalreadyonthetable.

In 1 hour, discover exactly how much you're losing and how to recover it.

Web development, automation & AI agency

contact@peaklab.fr
Newsletter

Get our tech and business tips delivered straight to your inbox.

Follow us
Crédit d'Impôt Innovation - PeakLab agréé CII

© PeakLab 2026

Legal NoticesPrivacy PolicySitemap