Danger Casey

Camp Counselor

Webhooks: Lessons (Un)learned

Event Logo

Wednesday, July 26, 2023 - 9:00 PM UTC, for 1 hour.

Regular, 60 minute presentation

Room: G

webhooks
apis
security
design antipatterns
design patterns

Webhooks are a pillar of modern application development. They notify us of that new commit, an incoming text message, our email was delivered, and a payment was processed. Our systems can’t function without webhooks sending data seamlessly and securely across the internet. But what happens if they’re not secure? What happens if your webhooks are intercepted, manipulated, or even replayed against your systems? What are the best ways - as both a provider and consumer - to protect our systems? In this session, we’ll delve into the 100+ implementations we explored to build webhooks.fyi to identify the best and worst patterns to protect our systems now and in the future.

Prerequisites

Familiarity with a major API provider like Stripe, Twilio, Github, Slack, etc

favorited by:
Shawn Cannon Derrell Connor bryan shannon Adam Tegen Ken Samson YURSHIA XIONG Christopher Ebbert Eric Olsson Tim Kempster Lydia Schneider Ben Walters Drew Douglas Benjamin Gavin Dave Smith Mandy Hubbard Jon Meer Jacob Galloway Craigory Coppola Jason Von Ruden Elizabeth Groom Ron Dagdag Kevin Moens Adekunle Oduye David Tran Sushil Choudhary Brett Allenstein Chris Johnson Chris Rockwell James McCollum Stephanie Chamblee Bob Dankert Joshua Below Robert Derman Paul Schroeder Danger Casey Kevin Kelchen Derek Mulhausen Tim Miller Rolando Lopez