Glossary/Webhook
    APIs & Protocols

    What is Webhook?

    A webhook is an HTTP callback that automatically sends data to a specified URL when a specific event occurs, enabling real-time event-driven communication between systems.

    Last updated: February 2026

    Webhook Explained

    A webhook is an automated notification mechanism—when something happens in one system, it sends an HTTP POST request to a URL you specify with data about the event. Think of it as the opposite of polling: instead of repeatedly asking 'did anything change?', the system tells you when something happens. Webhooks are essential for payment processing (Stripe sends webhook events for successful charges, refunds, and disputes), CI/CD pipelines, and third-party integrations. At M3L Software, webhooks are a core part of every payment integration we build. We implement robust webhook handlers with signature verification, idempotency, retry logic, and comprehensive event logging to ensure no events are missed.

    Key Features

    Event-driven (push model, not polling)
    HTTP POST requests with JSON payload
    Signature verification for security
    Retry mechanisms for failed deliveries
    Real-time event notification
    Integrates with any HTTP-capable system

    Common Use Cases

    1
    Payment event processing (Stripe, PayPal)
    2
    CI/CD pipeline triggers (GitHub, GitLab)
    3
    CRM updates and synchronization
    4
    E-commerce order notifications
    5
    Communication platform events (Twilio, SendGrid)

    Code Example

    python
    from fastapi import FastAPI, Request, HTTPException
    import stripe
    import hmac
    import hashlib
    
    app = FastAPI()
    WEBHOOK_SECRET = "whsec_..."
    
    @app.post("/webhooks/stripe")
    async def stripe_webhook(request: Request):
        payload = await request.body()
        sig_header = request.headers.get("stripe-signature")
        
        try:
            event = stripe.Webhook.construct_event(
                payload, sig_header, WEBHOOK_SECRET
            )
        except stripe.error.SignatureVerificationError:
            raise HTTPException(status_code=400, detail="Invalid signature")
        
        if event["type"] == "payment_intent.succeeded":
            payment = event["data"]["object"]
            # Process successful payment
            print(f"Payment received: {payment['amount']}")
        elif event["type"] == "customer.subscription.deleted":
            # Handle subscription cancellation
            pass
        
        return {"status": "received"}

    A Stripe webhook handler in FastAPI that verifies the webhook signature for security, then processes different event types (successful payment, subscription cancellation). This pattern ensures your system stays synchronized with Stripe.

    Frequently Asked Questions

    How do webhooks differ from APIs?

    Regular APIs are pull-based (you request data). Webhooks are push-based (data is sent to you automatically when events occur). Webhooks eliminate the need for polling and provide real-time notifications.

    What if my webhook handler is down?

    Good webhook providers (like Stripe) retry failed deliveries with exponential backoff. You should also implement idempotency (handling duplicate events) and event logging for reconciliation.

    How do I secure webhook endpoints?

    Verify webhook signatures (Stripe and most providers include a signature header), use HTTPS, validate the payload structure, implement rate limiting, and use a secret endpoint URL.

    Related Terms

    Need Help with Webhook?

    M3L Software specializes in apis & protocols. Get expert implementation with founding client pricing (50% off).

    Have a Project in Mind?

    Book a free 30-minute call to discuss your project. No sales pitch — just honest technical guidance from a senior engineer.

    Free Consultation
    Fast Turnaround
    Money-Back Guarantee