Working with Webhooks Lorna Mitchell, Nexmo

What is a Webhook? An HTTP POST request. @lornajane

Why Webhooks? Event-driven HTTP = Webhooks @lornajane

Webhooks in the Wild @lornajane

Slack Integrations @lornajane

GitHub Builds @lornajane

Webhook Use Cases • Notify of events • Deliver data when available • Broadcast to multiple receivers as-it-happens @lornajane

How APIs Work @lornajane

How APIs Work @lornajane

How APIs Work @lornajane

How APIs Work @lornajane

How Webhooks Work @lornajane

How Webhooks Work @lornajane

How Webhooks Work @lornajane

What About Time? @lornajane

APIs Over Time @lornajane

Webhooks Over Time @lornajane

Where To Webhook To? @lornajane

Webhooks Need Pre-arrangement With APIs, the client calls the server. With Webhooks, the client has to register with the server, to get data later. @lornajane

Receiving Webhooks Warning: minor tangent ahead @lornajane

Ngrok for Testing Webhooks https://ngrok.com/ - secure tunnel to your dev platform Use this tool to: • webhook into code running locally • inspect the request and response of the webhook • replay requests and see the responses @lornajane

Ngrok for Testing Webhooks Start the tunnel on your laptop: receive a public URL @lornajane

Example: Nexmo SMS When you register a phone number and receive an SMS, your application receives a webhook. @lornajane

I’m running open endpoints on the internet and accepting data, now what? @lornajane

Webhook Security When working with webhooks: • be aware of attack vectors • always use SSL • consider shared secrets and hashing • all good HTTP security practices apply @lornajane

Nexmo SMS Security Nexmo can sign messages using a shared secret. The PHP library https://github.com/nexmo/nexmo-php can do this for you. $signature = new \Nexmo\Client\Signature($_GET, SIGNATURE_SECRET, ‘sha256’); $isValid = $signature->check($_GET[‘sig’]); @lornajane

Webhooks … are awesome :) @lornajane

Webhooks in Your Applications • Use them WHEN you want to notify other systems • Examples of HOW to use webhooks hopefully gave you some ideas • Webhooks are HTTP: we already understand this @lornajane

Thanks! • Nexmo: https://nexmo.com (DM me for credit) • Me: https://lornajane.net and @lornajane • Ngrok: https://ngrok.com/ • PHP Web Services from O’Reilly @lornajane