A webhook in web development is a method of augmenting or altering the behavior of a web page or web application with custom callbacks. These callbacks may be maintained, modified, and managed by third-party users and developers who may not necessarily be affiliated with the originating website or application. The term "webhook" was coined by Jeff Lindsay in 2007 from the computer programming term hook.
Webhooks are "user-defined HTTP callbacks". They are usually triggered by some event, such as pushing code to a repository or a comment being posted to a blog. When that event occurs, the source site makes an HTTP request to the URL configured for the webhook. Users can configure them to cause events on one site to invoke behavior on another.
Common uses are to trigger builds with continuous integration systems or to notify bug tracking systems. Because webhooks use HTTP, they can be integrated into web services without adding new infrastructure.
When the client (the originating website or application) makes a webhook call to the third-party user's server, the incoming POST request should be authenticated to avoid a spoofing attack. Different techniques to authenticate the client are used:
the Connect notification service has been updated to support the Basic Authentication scheme with customers’ Connect servers (listeners).
Mutual TLS plus Client Access Control enables your listener app to ensure that the Connect notification message was sent by DocuSign and that it wasn’t modified en route.
Edited: 2021-06-18 14:12:15