A webhook is an HTTP callback that delivers real-time event notifications from one system to another when specific actions or conditions occur.
Also known as: HTTP Callback, Web Callback, Reverse API
A webhook is an HTTP-based callback mechanism that enables one system to send real-time notifications to another when a specific event occurs. Unlike traditional API polling, where a client repeatedly queries a server for updates, webhooks push data to a designated URL as events happen, enabling event-driven architectures with minimal latency and resource consumption.
Webhook implementations involve three components: the provider (the system where events originate), the consumer (the system that receives notifications), and the endpoint (the URL where notifications are delivered). The consumer registers an endpoint URL with the provider, specifying which events should trigger notifications.
When a qualifying event occurs, the provider constructs an HTTP POST request containing event data — typically as a JSON payload — and sends it to the registered endpoint. The payload includes event metadata (type, timestamp, unique ID) and the relevant data associated with the event. The consumer's server receives the request, processes the payload, and returns an HTTP status code indicating success or failure.
Reliability mechanisms are essential for production webhook implementations. Providers typically implement retry logic with exponential backoff — if the initial delivery fails, the provider retries after increasing intervals (1 second, 5 seconds, 30 seconds, 5 minutes). Most providers will retry for a defined period before marking the delivery as permanently failed.
Security is addressed through several mechanisms. Webhook signatures — HMAC-SHA256 hashes computed with a shared secret — allow consumers to verify that payloads genuinely originated from the provider and have not been tampered with in transit. IP allowlisting restricts which source addresses can deliver webhooks. HTTPS ensures transport encryption.
Webhooks fundamentally change how systems integrate. Polling-based integrations waste resources by repeatedly checking for changes that may not have occurred. A system polling every 30 seconds makes 2,880 unnecessary requests per day if events only occur a few times daily. Webhooks eliminate this waste by delivering data only when something happens.
For time-sensitive workflows, the latency advantage is significant. Polling introduces up to one full polling interval of delay. Webhooks deliver data within seconds of the event, enabling real-time reactions — such as triggering a compliance review when a new transaction is submitted or alerting a team when a contract review is completed.
Webhook architectures also scale more efficiently. As event volume grows, the provider handles delivery without requiring consumers to increase their polling frequency. This decoupling allows both systems to scale independently.
APIVult's API architecture supports webhook-style integration patterns for asynchronous processing workflows. For long-running operations like document analysis with FinAudit AI or batch sanctions screening with SanctionShield AI, webhook callbacks enable your application to submit work and receive results asynchronously rather than blocking on synchronous responses.