I feel like it's time for an improvement on / replacement for webhooks.<p>Pains / concerns:<p>* Local development is annoying (ngrok, etc.)<p>* Security is low<p>* Doesn't work super well with serverless stack<p>Curious how others are thinking about this.
This is an article on the subject I really enjoyed recently: <a href="https://blog.sequin.io/events-not-webhooks" rel="nofollow">https://blog.sequin.io/events-not-webhooks</a>
I agree that local development is annoying, but I haven't found the other two to be pain points:<p>- For security, services that invoke webhooks usually cryptographically sign their payloads to allow their authenticity to be verified.<p>- Maybe you mean something else by serverless, but in my experience, it has been relatively easy to deploy an AWS Lambda function (e.g. using Serverless Framework) that gets called by a webhook.<p>Webhooks aren't perfect, but they do seem significantly simpler than the alternatives that come to mind, like WebSockets or WebRTC. Long polling is simpler, but often that is already an option for services that provide webhooks. I'll be interested to see if others have ideas for better alternatives, though.
No answers, but since you asked about ways to think about the problem, here's one interpretation:<p>- An HTTP request is like a function call (a named function, with arguments as path/params/body)<p>- A webhook is like a callback (albeit across a network boundary)
I guess "Webhooks as a service" would come next and alleviate some of these issues. As discussed here:
<a href="https://news.ycombinator.com/item?id=27528202" rel="nofollow">https://news.ycombinator.com/item?id=27528202</a><p>Some of my customers also use these:<p><a href="https://zapier.com/page/webhooks/" rel="nofollow">https://zapier.com/page/webhooks/</a><p><a href="https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks" rel="nofollow">https://support.discord.com/hc/en-us/articles/228383668-Intr...</a>
We're working on a solution to solve a lot of this, especially for event data. We push events directly to your customers, so they neither need to pull them or build webhook endpoints. Contact me if your interested.