Just as message queues allow applications within an organization to talk to each other, WebHooks provide a way for websites across different organizations to communicate in an asynchronous fashion.
Essentially a WebHook is a callback mechanism. Inside the WebHook provider, you can register a custom URL. When appropriate, the providers uses this URL to send messages to your application about events in it. For example, Dropbox can be configured to notify a company’s audit and backup infrastructure whenever a file is created in said company’s Dropbox account.
While this was always theoretically possible, there are some real-world considerations to take into account. If left unchecked, malicious parties can could use this infrastructure to launch denial of service attacks as was the case with pingbacks.
To prevent this from happening, WebHooks require a verification step. From the Dropbox documentation,
Once you enter your webhook URI, an initial "verification request" will be made to that URI. This verification is an HTTP GET request with a query parameter called challenge. Your app needs to respond by echoing back that challenge parameter. The purpose of this verification request is to demonstrate that your app really does want to receive notifications at that URI. If you accidentally entered the wrong URI (or if someone maliciously entered your server as their webhook), your app would fail to respond correctly to the challenge request, and Dropbox would not send any notifications to that URI.
Receiving
As part of the their RC 1 release, ASP.NET WebHooks includes custom “receivers” for the following providers:
- Azure Alerts and Kudu
- BitBucket
- Microsoft Dynamics CRM
- Dropbox
- GitHub
- MailChimp
- PayPal
- Pusher
- Salesforce
- Slack
- Stripe
- Trello
- WordPress
- IFTTT and Zapier
A generic framework library for building your own custom receivers is also available, but in every case you need to host the receiver in a publically accessible website or the provider won’t be able to reach it.
Providing
ASP.NET also offers a framework for providing your own WebHooks for consumption by other applications. This consists of two parts, the WebHook infrastructure itself and the storage for WebHook registrations. Out of the box, SQL Server and Azure Table Storage are offered.
You can get a complete list of tutorials and samples on the .NET Web Development and Tools blog. The source code is available on GitHub under the Apache 2 license. The current release candidate requires ASP.NET MVC 5 and WebAPI 2.