A Webhook is a mechanism that lets one application send data to another in real-time, automatically, whenever a specific event occurs. Think of a webhook as a "doorbell" for the software world — instead of walking to the door every 5 minutes to check if someone has arrived (that would be Polling), the doorbell rings on its own when someone presses it. This is exactly how webhooks work, enabling efficient automation systems. Whether it is a Slack notification when a new order arrives, updating your CRM when someone fills out a form, or syncing data between different systems, webhooks power them all.
In 2026, webhooks have become the foundational building block of every automation and integration system. Stripe uses them to notify payment results, GitHub uses them to trigger CI/CD on new pushes, Shopify uses them to alert when new orders arrive — virtually every major platform supports webhooks. This article will explain everything you need to know about webhooks, from how they work, how they differ from APIs, how to create a basic webhook, all the way to production best practices. Written to be accessible for both developers and non-technical readers.
How Do Webhooks Work?
The mechanism behind webhooks is remarkably simple. There are 3 main steps: Register → Event Occurs → Send HTTP POST. Imagine a real scenario: you have an online store on Shopify and want your system to notify Slack every time a new order comes in. You configure a webhook in Shopify by specifying the destination URL (e.g., your Slack Incoming Webhook URL) and selecting the event you want (e.g., orders/create). When a customer places an order, Shopify immediately sends an HTTP POST request containing the order data to the registered URL.
- 1.Register — The user specifies a webhook endpoint URL in the source platform and selects which events to listen for, such as orders/create, payment.success, or push.
- 2.Event Occurs (Trigger) — When the matching event happens, the source platform prepares the data (Payload) in JSON format.
- 3.Send HTTP POST (Deliver) — The source platform sends an HTTP POST request with the JSON payload to the destination URL. The receiver processes the data and responds with HTTP 200 OK to confirm receipt.
Webhooks use a Push model, not Pull — meaning the receiver does not need to repeatedly ask if there is new data. This reduces server load and delivers data in real-time instantly.
Example of a Real Webhook Payload
When a webhook fires, the data arrives as a JSON object. For example, when Stripe sends a webhook for a successful payment, the payload includes the event type, customer information, amount, payment status, and other necessary metadata. Your server (the receiver) takes this data and processes it accordingly — updating the order status in the database, sending a confirmation email, or notifying the team via Slack. Typically, a webhook payload contains key fields such as event type, timestamp, data object, and metadata.
How Are Webhooks Different from APIs?
Many people confuse webhooks with APIs because both use HTTP for communication. However, their operating principles are fundamentally different. An API (Application Programming Interface) works on a Pull or Request-Response model — the party that needs data must send a request to ask for it. A Webhook works on a Push or Event-driven model — the source system automatically sends data when an event occurs. A simple analogy: an API is like calling the pizza shop every 5 minutes asking "Is my pizza ready yet?" A webhook is like the pizza shop calling you to say "Your pizza is ready, come pick it up!" No repeated calling necessary.
| Feature | API (Pull) | Webhook (Push) |
|---|---|---|
| Communication Direction | Client sends request to server | Server sends data automatically |
| Data Timing | Get data when you ask (may have delay) | Get data instantly when event occurs (real-time) |
| Server Load | High — must handle repeated requests (polling) | Low — sends only when events occur |
| Setup Complexity | Low — just send a request | Medium — need an endpoint to receive data |
| Bandwidth Usage | High — repeated requests even with no new data | Low — sends only when there is new data |
| Example Use Cases | Fetch product list, search data | Order notification, payment success alert |
| Best For | On-demand data retrieval | Real-time event notifications |
When Should You Use Webhooks Instead of APIs?
Webhooks are not always better than APIs — each has its ideal use case. Use webhooks when you need real-time data the moment an event occurs, such as payment notifications, order status updates, or CI/CD pipeline triggers. Use APIs when you need to fetch data on demand, such as searching products, generating reports, or viewing order history. In many real-world systems, you will use both together: webhooks to receive event notifications, then APIs to fetch additional details when needed.
What Can You Use Webhooks For? Real-World Examples
Webhooks are used across virtually every industry and system that requires real-time communication. Here are the most common real-world webhook use cases organized by category:
1. E-commerce and Payment
In e-commerce systems, webhooks are the critical glue connecting everything together:
- •Stripe/Omise — Notify on successful payment, failure, or refund to update order status automatically
- •Shopify — Alert on new orders, out-of-stock products, or new customer signups
- •WooCommerce — Send webhooks when order status changes, e.g., Pending → Processing → Completed
- •LINE Pay / PromptPay — Real-time payment result notification via QR code
2. DevOps and CI/CD
Webhooks are the primary mechanism that makes CI/CD pipelines work automatically:
- •GitHub/GitLab — Trigger CI/CD pipelines on push, pull request, or merge events
- •Vercel/Netlify — Auto-deploy websites when new commits land on the main branch
- •Docker Hub — Notify when image builds complete, triggering deployments
- •Sentry — Alert dev teams via Slack/Discord when new production errors occur
3. Notifications and Communication
Webhooks help teams receive critical information in real-time without checking multiple platforms:
- •Slack Incoming Webhook — Send automated messages to channels from external systems
- •Discord Webhook — Notify server with events like sales figures, new members
- •LINE Notify — Send alerts to LINE groups or individuals
- •Microsoft Teams — Notify on task updates, incident reports
4. Marketing and CRM
Webhooks enable marketing systems to operate in real-time:
- •Mailchimp/Brevo — Notify on subscribe, unsubscribe, or bounce events
- •HubSpot — Trigger workflows when leads fill forms or open emails
- •Google Forms → Google Sheets → Slack — Instant notification when someone submits a form
- •Facebook Lead Ads — Push lead data to CRM instantly via webhook
5. Automation Platforms
Webhooks serve as the starting point for workflows in every automation platform:
- •n8n — Uses Webhook Trigger Node as the first node in workflows, receiving data from external systems. Read more: What is n8n
- •Zapier — Uses webhooks as triggers to create Zaps connecting 5,000+ apps
- •Make (Integromat) — Uses Custom Webhook Module as its primary trigger
- •Power Automate — Uses HTTP Trigger (Webhook) to receive requests from other systems
Webhooks are the foundation of all forms of automation. Whether you use n8n, Zapier, or Make, the first step usually starts with a Webhook Trigger.
How Do You Create a Basic Webhook?
Creating a webhook involves two sides: the Sender (Provider) and the Receiver (Consumer). The sender is the platform that will send webhooks to you (e.g., Stripe, GitHub, Shopify), which typically has a settings page where you enter your destination URL. The receiver is your server that needs an endpoint ready to accept the data. Let us look at how to set up both sides:
Receiver: Creating a Webhook Endpoint with Node.js
All you need is a server that can accept HTTP POST requests. For example, using Express.js you create an endpoint at the /webhook path. When a request arrives, read the body (JSON) and process it as needed. Finally, respond with HTTP 200 OK to tell the sender the data was received. Here are the main steps:
- 1.Create an HTTP Server — Use Express.js, Fastify, Hono, or any framework you prefer
- 2.Create a POST Endpoint — Define a path like /api/webhook or /webhook/stripe
- 3.Parse JSON Body — Use express.json() middleware or body-parser
- 4.Verify the Signature — Confirm the request comes from the legitimate source (Signature Verification)
- 5.Process the Data — Execute your business logic: update the database, send notifications, etc.
- 6.Respond 200 OK — Respond as quickly as possible (within 5 seconds), then process heavy work asynchronously
Sender: Configuring Webhooks in a Platform
Nearly every platform has a Webhook Settings page where you can configure them. The general steps are:
- 1.Open the Dashboard of the platform (e.g., Stripe Dashboard, GitHub Repository Settings)
- 2.Navigate to Webhook Settings — Usually found under Developer, API, or Integration sections
- 3.Enter the Endpoint URL — Your server URL, e.g., https://yourdomain.com/api/webhook
- 4.Select Events — Choose only the events you need, e.g., payment_intent.succeeded
- 5.Save the Secret Key — Store the Signing Secret for signature verification on the receiver side
- 6.Test — Use the Test/Send test webhook button provided by the platform to verify it works
Using n8n to Create Webhooks Without Code
If you do not want to write code yourself, n8n makes it incredibly easy. Simply drag a Webhook Trigger Node as the first node in your workflow, and n8n generates a URL automatically. Then take that URL and enter it in the platform you want to connect. When an event occurs, n8n receives the data and runs the rest of the workflow immediately — sending it to Google Sheets, Slack, or a database — all without writing a single line of code. This approach is perfect for beginners or anyone who needs to prototype quickly.
n8n has a Webhook Trigger Node that auto-generates a webhook URL for you. No need to deploy your own server. Perfect for beginners. Read more: What is n8n
What Are the Best Practices and Pitfalls of Using Webhooks?
Webhooks are easy to use, but there are several critical areas that need careful attention. Without proper handling, you risk losing data, exposing your system to attacks, or crashing your server. Here are the best practices you should follow:
- 1.Always Verify Signatures (Signature Verification) — Every platform sends a special header (e.g., X-Hub-Signature, Stripe-Signature) encrypted with a secret key. Your receiver must verify this signature on every request to confirm it comes from the legitimate source, not an attacker.
- 2.Respond 200 OK As Fast As Possible — Senders typically have a timeout of 5-30 seconds. If they do not receive a response in time, they consider it a failure and retry. So accept the request and respond 200 immediately, then process heavy work asynchronously (e.g., send to a queue).
- 3.Handle Retries and Idempotency — When a webhook fails, the sender retries (resends). Your endpoint must be idempotent — receiving the same data twice should not cause problems. For example, do not create duplicate orders. Use the Event ID as a key to check if you have already processed it.
- 4.Use HTTPS Only — Webhook payloads may contain sensitive data such as customer information and payment amounts. Always use HTTPS to encrypt data in transit and prevent eavesdropping.
- 5.Log Every Request — Record every incoming webhook request (headers, body, timestamp, response status) for debugging when issues arise and for retrospective auditing.
- 6.Set Up Rate Limiting — Protect against webhook floods that could crash your server. Set maximum requests per second/minute.
- 7.Handle Errors Correctly — If processing fails, respond with 4xx or 5xx to trigger a retry from the sender. But if the data is invalid (Invalid Payload), respond with 400 Bad Request to prevent unnecessary retries.
Never skip Signature Verification! Without it, anyone can send fake webhooks to your endpoint — potentially creating fraudulent orders or tampering with your data unintentionally.
Production Webhook Checklist
Use this checklist before deploying your webhook endpoint to production:
| Category | Action Item | Priority |
|---|---|---|
| Security | Verify signature on every request | Critical |
| Security | Use HTTPS only | Critical |
| Performance | Respond 200 OK within 5 seconds | High |
| Performance | Process heavy work asynchronously | High |
| Reliability | Handle idempotency with Event ID | High |
| Reliability | Log every request | High |
| Reliability | Set up Dead Letter Queue for failed events | Medium |
| Monitoring | Set up alerts for high error rates | Medium |
| Monitoring | Regularly check webhook health | Medium |
Which Platforms Support Webhooks?
In 2026, virtually every major platform supports webhooks. Here is a list of popular platforms organized by category, along with their most commonly used events:
| Category | Platforms | Popular Events |
|---|---|---|
| Payment | Stripe, Omise, PayPal | payment.success, refund.created |
| E-commerce | Shopify, WooCommerce, Lazada | order.created, product.updated |
| DevOps | GitHub, GitLab, Bitbucket | push, pull_request, merge |
| Hosting | Vercel, Netlify, Railway | deployment.created, build.completed |
| Communication | Slack, Discord, LINE | message.posted, member.joined |
| CRM | HubSpot, Salesforce, Pipedrive | contact.created, deal.updated |
| Mailchimp, Brevo, SendGrid | subscribe, unsubscribe, bounce | |
| Automation | n8n, Zapier, Make | webhook.trigger (custom URL) |
| Forms | Typeform, Google Forms, Tally | form.submitted |
| Monitoring | Sentry, Datadog, UptimeRobot | error.new, alert.triggered |
Webhooks in Thailand
For Thai developers, several local platforms support webhooks, including Omise (Payment Gateway), LINE Messaging API (Chatbot), SCB Open Banking (Banking API), and 2C2P (Payment). Additionally, LINE Official Account uses webhooks as the primary mechanism for receiving user messages to build chatbots. If you have ever built a LINE Bot before, you have already used webhooks.
Summary: What Is a Webhook and How to Get Started
A Webhook is a mechanism that enables applications to send data to each other in real-time automatically. It operates on a Push (event-driven) model, unlike APIs that operate on a Pull (request-response) model. Webhooks are the essential foundation of all modern automation systems — from payment processing and CI/CD to notifications and data synchronization.
- •Webhook = Push — System automatically sends data when an event occurs
- •API = Pull — You must send a request to ask for data
- •3 Steps — Register URL → Event occurs → Send HTTP POST
- •Real Use Cases — Payment, E-commerce, DevOps, Communication, CRM, Automation
- •Best Practices — Verify signatures, respond 200 OK fast, idempotency, HTTPS, log every request
- •Easy Start — Use n8n to create webhooks without writing any code
Webhooks are a fundamental skill that every developer and automation user should understand. Start simple with an n8n Webhook Trigger and build from there. Read more: What is n8n
Frequently Asked Questions
Webhook คืออะไร อธิบายแบบง่ายๆ?
Webhook คือกลไกที่ให้แอปหนึ่งส่งข้อมูลไปยังอีกแอปหนึ่งโดยอัตโนมัติเมื่อเกิด Event เปรียบเทียบง่ายๆ เหมือนกริ่งประตู แทนที่คุณต้องเดินไปเปิดประตูดูทุก 5 นาที (Polling) กริ่งจะดังเองเมื่อมีคนมากดกริ่ง Webhook ทำงานแบบเดียวกัน ส่งข้อมูลแบบ Real-time ทันทีที่เกิดเหตุการณ์
Webhook ต่างจาก API ยังไง?
API ทำงานแบบ Pull คือคุณต้องส่ง Request ไปถามข้อมูลเอง ส่วน Webhook ทำงานแบบ Push คือระบบส่งข้อมูลมาให้อัตโนมัติเมื่อเกิด Event ไม่ต้องถามซ้ำ API เหมือนโทรถามร้านว่าพิซซ่าเสร็จหรือยัง Webhook เหมือนร้านโทรมาบอกเองว่าพิซซ่าเสร็จแล้ว
Webhook ปลอดภัยไหม?
Webhook ปลอดภัยถ้าตั้งค่าถูกต้อง สิ่งสำคัญที่สุดคือต้องตรวจสอบ Signature ทุก Request เพื่อยืนยันว่ามาจากแหล่งที่ถูกต้อง ใช้ HTTPS เท่านั้น เก็บ Secret Key อย่างปลอดภัย และตั้ง Rate Limiting ป้องกัน Webhook Flood ถ้าไม่ตรวจสอบ Signature ใครก็ส่ง Fake Webhook มาที่ Endpoint คุณได้
สร้าง Webhook โดยไม่เขียนโค้ดได้ไหม?
ได้ครับ ใช้ Automation Platform เช่น n8n, Zapier หรือ Make ได้เลย ตัวอย่างเช่น n8n มี Webhook Trigger Node ที่สร้าง URL ให้อัตโนมัติ แค่ลาก Node มาวาง ก็ได้ Webhook URL พร้อมใช้งาน ไม่ต้องเขียนแม้แต่บรรทัดเดียว เหมาะสำหรับผู้เริ่มต้นหรือคนที่ต้องการ Prototype เร็วๆ
Webhook ใช้ทำอะไรได้บ้าง?
Webhook ใช้งานได้หลากหลาย เช่น แจ้งเตือน Slack เมื่อมี Order ใหม่ อัปเดต CRM เมื่อมีคนกรอกฟอร์ม Trigger CI/CD Pipeline เมื่อ Push โค้ด ส่งอีเมลยืนยันเมื่อชำระเงินสำเร็จ Sync ข้อมูลระหว่างระบบ แจ้งทีมเมื่อมี Error ใน Production และอีกมากมาย
ถ้า Webhook ส่งข้อมูลมาแล้ว Server รับไม่ทัน จะเกิดอะไรขึ้น?
ถ้า Server ไม่ตอบ 200 OK ภายในเวลาที่กำหนด (ปกติ 5-30 วินาที) ฝั่งส่งจะถือว่า Fail และ Retry ส่งซ้ำ โดยส่วนใหญ่จะ Retry 3-5 ครั้ง ด้วย Exponential Backoff (รอนานขึ้นเรื่อยๆ) ดังนั้นควรตอบ 200 ทันทีที่ได้รับ แล้วค่อยประมวลผลหนักแบบ Async
Idempotency ของ Webhook คืออะไร ทำไมสำคัญ?
Idempotency คือการที่ระบบรับข้อมูลเดิมซ้ำแล้วไม่เกิดปัญหา เช่น ไม่สร้าง Order ซ้ำ สำคัญเพราะ Webhook มี Retry Mechanism ที่จะส่งซ้ำเมื่อ Fail ดังนั้น Endpoint ต้องตรวจสอบ Event ID ว่าเคยประมวลผลแล้วหรือยัง ถ้าเคยแล้วให้ Skip ไป ไม่ใช่ทำซ้ำ
Arm - CherCode
Full-Stack Developer & Founder
Software developer with 5+ years of experience in Web Development, AI Integration, and Automation. Specializing in Next.js, React, n8n, and LLM Integration. Founder of CherCode, building systems for Thai businesses.
Portfolio
