from Hacker News

Ask HN: What Comes After Webhooks?

by abeaclark on 1/7/22, 8:41 PM with 11 comments

I feel like it's time for an improvement on / replacement for webhooks.

Pains / concerns:

* Local development is annoying (ngrok, etc.)

* Security is low

* Doesn't work super well with serverless stack

Curious how others are thinking about this.

  • by anderspitman on 1/7/22, 9:09 PM

    This is an article on the subject I really enjoyed recently: https://blog.sequin.io/events-not-webhooks

  • by binarynate on 1/7/22, 10:01 PM

    I agree that local development is annoying, but I haven't found the other two to be pain points:

    - For security, services that invoke webhooks usually cryptographically sign their payloads to allow their authenticity to be verified.

    - Maybe you mean something else by serverless, but in my experience, it has been relatively easy to deploy an AWS Lambda function (e.g. using Serverless Framework) that gets called by a webhook.

    Webhooks aren't perfect, but they do seem significantly simpler than the alternatives that come to mind, like WebSockets or WebRTC. Long polling is simpler, but often that is already an option for services that provide webhooks. I'll be interested to see if others have ideas for better alternatives, though.

  • by jka on 1/7/22, 9:13 PM

    No answers, but since you asked about ways to think about the problem, here's one interpretation:

    - An HTTP request is like a function call (a named function, with arguments as path/params/body)

    - A webhook is like a callback (albeit across a network boundary)

  • by hbcondo714 on 1/7/22, 10:42 PM

    I guess "Webhooks as a service" would come next and alleviate some of these issues. As discussed here: https://news.ycombinator.com/item?id=27528202

    Some of my customers also use these:

    https://zapier.com/page/webhooks/

    https://support.discord.com/hc/en-us/articles/228383668-Intr...

  • by ryanmccullagh on 1/7/22, 11:22 PM

    Places like MailGun that don't support any type of authentication. Stripe and GitHub do it well.

  • by wizwit999 on 1/8/22, 12:04 AM

    We're working on a solution to solve a lot of this, especially for event data. We push events directly to your customers, so they neither need to pull them or build webhook endpoints. Contact me if your interested.

  • by schappim on 1/8/22, 7:52 AM

    This would be what AWS’ Event Bridge and Event Bus are trying to solve. Pitty it is not a standard across multiple cloud providers.