Webhook
A webhook is an HTTP callback that automatically sends data from one system to another in real time when a specific event occurs.
What Is Webhook?
A webhook is an HTTP-based communication mechanism that allows one system to automatically notify another system when a specific event occurs. Instead of constantly polling an API to check for new data (which wastes resources and introduces latency), a webhook delivers data instantly at the moment something happens. The term was coined by Jeff Lindsay in 2007, combining "web" with "hook" β a programming term for an interception point where custom code can be inserted. In practice, a webhook is simply an HTTP POST request sent from a source system to a URL endpoint you specify, containing a payload of event data. For example, when a customer sends a message on WhatsApp, the WhatsApp Business API sends a webhook to your server with the message content, sender information, and metadata. Webhooks are foundational to modern software architecture because they enable event-driven, loosely coupled integrations between systems that don't need to know about each other's internal workings. In the chatbot ecosystem, webhooks are the primary mechanism through which messaging platforms communicate with chatbot backends.
How Webhook Works
A webhook operates through a simple three-step process. First, you register a webhook URL with the source system β this is an HTTPS endpoint on your server that is publicly accessible. Second, when a predefined event occurs in the source system (a new message arrives, a payment completes, a form is submitted), the source constructs an HTTP POST request containing the event data as a JSON payload, along with headers for authentication and metadata, and sends it to your registered URL. Third, your server receives the request, validates its authenticity (typically by verifying a signature header using a shared secret), processes the payload, and returns an HTTP 200 response to acknowledge receipt. The entire round trip typically happens in under a second. Webhook implementations include retry logic for failed deliveries (if your server returns an error or is unreachable, the source retries after a delay) and often provide a dashboard to inspect recent deliveries and failures. Security is handled through HMAC signatures, API keys in headers, or mutual TLS. In chatbot architectures, webhooks carry both incoming messages (platform to chatbot) and delivery receipts (confirmations that messages were delivered or read).
Why Webhook Matters
Webhooks are the connective tissue of modern chatbot architectures. Every messaging channel β WhatsApp, Telegram, Facebook Messenger, Instagram, Discord β delivers incoming messages to chatbot servers via webhooks. Without webhooks, chatbot backends would need to continuously poll each platform's API for new messages, which is slow (introducing seconds of latency), wasteful (consuming API rate limits on empty checks), and unreliable (missing messages between polling intervals). Beyond message delivery, webhooks enable chatbots to integrate with CRM systems, e-commerce platforms, payment processors, and internal tools, creating automated workflows triggered by conversation events. For businesses, webhooks transform chatbots from isolated Q&A tools into connected hubs that can look up orders, create tickets, update customer records, and trigger business processes β all in real time.
How Chatloom Uses Webhook
Webhooks are central to Chatloom's omnichannel architecture. Each connected messaging channel (WhatsApp, Telegram, Instagram, Messenger, Discord) communicates with Chatloom via webhooks, delivering incoming messages in real time to the AI processing pipeline. Chatloom also provides outgoing webhooks that notify your systems when events occur β new conversations, messages, handoffs, and resolution events β enabling integration with your CRM, helpdesk, or custom workflows. Webhook endpoints include signature verification for security and retry logic for reliability.
Related Terms
Explore related concepts to deepen your understanding.
Frequently Asked Questions
- What is the difference between a webhook and an API?
- An API is a request-response interface where you send a request and get a response (pull model). A webhook is a push model where the source system sends data to you when something happens. APIs require you to ask for data; webhooks deliver data automatically. Most systems use both: webhooks for real-time event notifications and APIs for on-demand data retrieval.
- Are webhooks secure?
- Webhooks can be secured through multiple mechanisms: HMAC signature verification (the source signs the payload with a shared secret, and your server verifies the signature), HTTPS encryption in transit, IP allowlisting, and mutual TLS. Well-implemented webhook systems like those used by Stripe, WhatsApp, and Telegram include built-in signature verification.
- What happens if my server is down when a webhook fires?
- Most webhook providers implement retry logic with exponential backoff. If your server returns an error or is unreachable, the provider retries the delivery after increasing delays (e.g., 1 minute, 5 minutes, 30 minutes). After a maximum number of retries, the webhook may be disabled and you'll be notified. Some providers also offer a delivery log where you can manually replay missed webhooks.