Movatterモバイル変換


[0]ホーム

URL:


Jump to content
WikipediaThe Free Encyclopedia
Search

Webhook

From Wikipedia, the free encyclopedia
Method of web development

Inweb development, awebhook is a method of augmenting or altering the behavior of aweb page orweb application with customcallbacks. These callbacks may be maintained, modified, and managed by third-party users who need not be affiliated with the originating website or application. In 2007,Jeff Lindsay coined the termwebhook from the computer programming termhook.[1]

Function

[edit]

Webhooks are "user-defined HTTP callbacks".[2] They are usually triggered by some event, such as pushing code to a repository,[3] a purchase, a comment being posted to a blog[4] and many more use cases.[5] When that event occurs, the source site makes an HTTP request to the URL configured for the webhook. Users can configure them to cause events on one site to invoke behavior on another.

Common uses are to trigger builds withcontinuous integration systems[6] or to notifybug tracking systems.[7] Because webhooks use HTTP, they can be integrated into web services without adding new infrastructure.[8]

Authenticating the webhook notification

[edit]

When the client (the originating website or application) makes a webhook call to the third-party user's server, the incoming POST request should be authenticated to avoid aspoofing attack and its timestamp verified to avoid areplay attack.[9] Different techniques to authenticate the client are used:

The sender may choose to keep a constant list ofIP addresses from which requests will be sent. This is not a sufficient security measure on its own, but it is useful for when the receiving endpoint is behind afirewall orNAT.

See also

[edit]

References

[edit]
  1. ^Web hook to revolutionize the web, 3 May 2007, archived fromthe original on 2018-06-30
  2. ^"Webhooks". Atlassian. Retrieved2019-09-24.]
  3. ^About Webhooks - Github Help
  4. ^WordPress Webhooks
  5. ^Use Cases for Webhooks
  6. ^Jenkins GitHub Commit Hooks HOWTO, archived fromthe original on 2015-09-25
  7. ^Google Project Hosting - Post-Commit Web Hooks
  8. ^What are WebHooks and How Do They Enable a Real-time Web?
  9. ^"Why Verify".Svix. Svix Inc. RetrievedSeptember 12, 2021.Another potential security hole is what's called replay attacks.
  10. ^"DocuSign Connect Now Includes Basic Authentication Support".DocuSign. DocuSign, Inc. 16 November 2017. RetrievedJanuary 15, 2020.the Connect notification service has been updated to support the Basic Authentication scheme with customers' Connect servers (listeners).
  11. ^"Securing your webhooks".Github. Github, Inc. RetrievedSeptember 12, 2021.
  12. ^"Checking Webhook Signatures".Stripe. Stripe, Inc. Retrieved12 May 2019.
  13. ^"Getting Started - Graph API - Documentation - Facebook for Developers".Facebook. Facebook, Inc. Retrieved12 May 2019.
  14. ^"Mutual TLS: Stuff you should know".DocuSign. DocuSign, Inc. RetrievedJanuary 15, 2020.Mutual TLS plus Client Access Control enables your listener app to ensure that the Connect notification message was sent by DocuSign and that it wasn't modified en route.

External links

[edit]
Protocols
Server APIs
Apache modules
Topics
Browser APIs
Web APIs
WHATWG
W3C
Khronos
Others
Topics
Related topics
Retrieved from "https://en.wikipedia.org/w/index.php?title=Webhook&oldid=1289545352"
Categories:
Hidden categories:

[8]ページ先頭

©2009-2026 Movatter.jp