Webhooks: Lessons (Un)learned
Webhooks are a pillar of modern application development. They notify us of that new commit, an incoming text message, our email was delivered, and a payment was processed. Our systems can’t function without webhooks sending data seamlessly and securely across the internet. But what happens if they’re not secure? What happens if your webhooks are intercepted, manipulated, or even replayed against your systems? What are the best ways - as both a provider and consumer - to protect our systems? In this session, we’ll delve into the 100+ implementations we explored to build webhooks.fyi to identify the best and worst patterns to protect our systems now and in the future.
Familiarity with a major API provider like Stripe, Twilio, Github, Slack, etc