We can understand simply, Webhook and APIs are ways for different programs to communicate with each other more quickly and easily.
1. What is webhook?
Webhook (also known as HTTP callback ) provides a mechanism to allow an application (server-side) to automatically notify and send real-time data to another application (client-side) whenever there is a New events (data) arise on this application.
Occasionally, Webhook is also called Reverse APIs . In normal API applications, the client side sends requests (via APIs) to the server. In contrast, with Webhook, the server calls Webhook (usually POST HTTP request) to the endpoint of the URL previously configured for Webhook by the client provided and the client will handle the returned results.
Webhook is based on event response, it is usually triggered by specific events, so the client will receive a notification as soon as the server has a new event without having to “probe” the server regularly.
Set up a webhook
To set up a Webhook, you need to “register” a URL for the Webhook provider send requests when needed. This also means that your application is accessible from the public web.
Normally Webhook will POST data in 2 ways: JSON or XML . The provider will tell you the content or even customize the content of these provided APIs.
Webhook uses HTTP , so it can be integrated into web services without adding new infrastructure. At the same time, it is also easy to use, so it is increasingly applied more widely.
When to use Webhook
Webhooks are often used to perform requests and small tasks. For example, when your application or platform requires real-time updates, we don’t want to waste a lot of resources on that. Webhook is used in this case.
Another case of using webhooks via the API is when the API is “poor” or has no API to start. You can create a data provisioning solution that your application needs to operate.
However, attention should be paid. Because Webhook is not frequently used to call data and only works when there is new data, it is likely that it will not be possible to get the latest updates if the system stops working for some reason.
Also, accept the total amount of data available with the given update because you have little control over them.
Webhook security
Because Webhook provides data to publicly available URLs, it is more likely to be hacked and modified before being returned to the client. To prevent this, all incoming connections need to be https :
- Add the token to the URL, acting as a unique identifier. For example:? Auth = token
- Basic Auth deployment options.
The downside to these two techniques is that we will have to send the auth token along with the request.
- The provider will sign (encrypt) the requests sent to the client and the client will verify these signatures.
2. What are APIs?
API (Application Programming Interface) is a way for different applications and platforms to connect with each other through a common communication method.
And for the API to work, it needs to make a request with the data, and the response for that request. Data is usually formatted as JSON, XML or any other type.
The API makes building HTTP services very simple and fast. Open source, fully supports MVC model or HTTP components such as: URI, request / response headers, caching, versioning, content format. Suitable for devices with limited bandwidth like mobile, tablet.
Today, many applications are built on this model. Large applications often incorporate many APIs, which is convenient for scaling their services.
When to use the API
The API should be used when it is frequently requested to update data continuously. There will be new data when calling API. If the data does not need to be constantly updated, using the API will waste a lot of resources.
However, if it is set to use API, we can impose limits on requests made within a specific time period. Some applications even limit the number of requests made right from the start to reduce resource consumption going forward.
3. Webhook and APIs
- They all support synchronization and data transfer, but they do it in different ways, thus serving different purposes.
- APIs need to “probe” the server regularly to see if new events have arisen. On the contrary, with Webhook whenever there is an event or new data the server will automatically notify the client. In simple terms, the API will execute when required (needs instructions, send requests – receive feedback), while Webhook will automatically execute requests when certain criteria are met.
- The API makes a call without knowing whether or not to receive any new data updates as a response, and Webhook only receives calls through HTTP POST from external systems when they have a certain number of updates. update data.
- Webhook sends data and will not care anymore after making request. Therefore if an error occurs the data will be lost. Many Webhooks still care about client-side response, and if there are errors, they will send the data back.
- If the Webhook request has been processed but the error is still there, it will cause duplicate data. Therefore, it is important to understand the mechanism of the provider used to handle cases where errors occur.
- Webhook can make many requests corresponding to events. If multiple requests are repeatedly sent to the client, it could lead to DDoS (denial of service attack). Therefore, make sure to handle this case as the Webhook becomes increasingly scale.
- Most applications use both API and Webhook to create a system that can communicate the right kind of data at the right time when needed.
Refer