Thursday, August 18, 2022

Collection of best practices for providing and consuming webhooks

Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience.

Webhooks.fyi seeks to change that.

It serves both as a directory of webhook providers and a collection of best practices for providing and consuming webhooks. Starting from security, moving into payload protection, and continuing into operationalizing webhooks, we delve into the concepts and practices currently available in the wild.

What should you expect to find?

Contributing to webhooks.fyi

Yes! We have many webhooks to document, patterns to uncover, and best practices to highlight! Our contributing page covers how you can help.

Why did you create webhooks.fyi?

Web development is hard. As you have more moving pieces integrating more systems across different organizations, it only becomes harder.

At ngrok, our goal is to simplfiy building for the internet. Since most people find us through their favorite webhook provider, we knew integrating webhook verification would make applications more secure and reliable at scale. During that effort, we investigated 100 webhook providers and built in-product verifications for 50 of the most popular providers. We found practices that stood out as exceptionally powerful and others that left much to be desired.

Our goal in sharing this is to inform teams to choose patterns that make building and consuming webhooks easier, faster, and more secure.



from Hacker News https://webhooks.fyi/

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.