API vs Webhooks
Internet applications today rely heavily on third-party integrations. And why wouldn’t they do it, when it helps developers focus more on the base product than on different features? For example, you can use a simple tool to manage your email marketing campaigns, or you can use a third-party payment provider to handle all payments on your website.
However, as third-party integrations diversify, developers have found a way to carry lightweight data that makes life easier for marketers and products. It’s all thanks to this new buzzword called webhooks.
Well, âwebhooksâ are more than just a buzzword today! A webhook is a new way of sharing data that is easy to implement. However, its similarity to APIs is often confusing among developers.
To demystify this confusion, this article will explain what webhooks are and how they are different from traditional APIs. We’ll also take a closer look at some of the practical use cases for webhooks.
A reminder on APIs
Before defining what webhooks are, it’s important to know what they aren’t. Since we’re comparing them to APIs, it’s best to understand what exactly an API is.
An API (application programming interface) is a web service that allows your application to interact with a database. Now your app can be anything: an eCommerce site, a SaaS product, or a networking app. When you want to display dynamic data there, you call an API. Or when you want to update some entries for a particular user, you call an API.
Structure of an API
An API typically consists of two components: a request and a response. The request is what triggers the API or the input it receives. The answer is what the API outputs. The client or caller receives this response from the API in return.
Within this structure, an API can be of any type: GET, PUT, POST, DELETE, etc. These are types of requests that tell an API what kind of action it should take.
To better understand, let’s take a look at a simple use case where you need an API.
Let’s say you have a networking app for freelancers. You are visiting a freelance writer’s profile page and you want to know more about them. As a developer you would think, Well, okay, I’ll just add a button to show more details. This is great, but when a user clicks this button, what you need to do is grab that extra data and show it to the user.
How an API works
So now your app requests this data through an API request. The API retrieves the relevant data from the corresponding database. Then this data is encapsulated in JSON format and returned to your application.
So that’s an API in a nutshell. You may have already known this, but it will help you better understand what webhooks are and how they are different.
What is a Webhook?
Webhooks are a type of web service that sends lightweight data when an event is triggered. They are used as a tool that notifies your application when certain user-driven events or actions are completed.
Remember I mentioned how third-party integrations are powering tech products today? Webhooks become of interesting importance when you integrate third-party applications or services into your software. Indeed, when these applications complete an action for your software, you need an automatic update on the status of this action. This is exactly where webhooks come in.
Let’s look at an example to understand how a webhook works by looking at a use case.
Let’s say you are the developer of a SaaS platform that millions of users have subscribed to. Since you want people to use your product, you also have a free tier.
Now imagine that there is a new user who is currently enjoying a free tier but wants to upgrade to a premium membership. Naturally, the user accesses your application and proceeds to payment. The payment provider requests the user’s contact details and tries to process the payment.
Several scenarios are now possible. Payment can fail instantly if the bank’s server is down. Or the payment may take some time due to the heavy load on the server. However, most likely the payment could be completed successfully. When this happens, a payment completion event occurs, which triggers a webhook.
This webhook now updates the user’s level from free to premium.
How a webhook works
But I know what you are probably thinking. Why not just get this updated status of the payment through an API call?
Think about the multiple scenarios I mentioned above. You don’t know when the payment will be made. You will need to continually make an API call until you receive a response. You would need a custom retry mechanism with timeouts. Definitely an exaggeration!
Instead of asking for the status of the payment every now and then, you can ask the payment provider to notify you when the payment is complete.
How webhooks differ from APIs
We have defined the definition of each type of web service. We know what webhooks are and what APIs are, and we’ve also seen a practical example of each.
So let’s extend this knowledge to understand how they are different from each other.
APIs are driven by requests. Your client or software will need to make an explicit API request to get a response from the API. It also means that you explicitly write a curl request or a fetch request to make this API call. If the request involves the transmission of certain parameters, you must also send them.
Webhooks, on the other hand, are driven by events. These events are mainly related to your user’s journey. Thus, when a user performs an action on your application or software, a webhook can be triggered. In most scenarios, you won’t write additional code to trigger a webhook.
Structure and complexity
There is a GET API for fetching data, a POST API for writing data, a DELETE API for deleting some data, etc. APIs have a fairly complex structure when it comes to using them. There is different API demand for different types of use cases. They can also return complex and nested JSON data. Overall, they require more server resources than webhooks. In a way, an API becomes a full-fledged web service that performs resource-intensive tasks.
Webhooks have a simple structure. They only send some data to the caller. Since the web service is getting minimal in this regard, it is not as resource intensive as an API. Since the data they send is straightforward, it is much lighter in this regard.
APIs provide two-way communication between the caller and the API itself. In other words, the client makes an API call to interact with the API. The API returns a response to the client and interacts with the client or caller.
Webhooks follow a one-way communication with the caller. The main application only receives some data. It does not interact directly with a webhook. Instead, it interacts with the caller which further triggers the webhook. In a way, your software or application only receives certain data from the webhook.
A user interacting with your app can see all API calls from the network tab if your app is on a web browser. Additionally, they might be able to make an API call directly to your server without letting those calls go through your application.
Webhooks are isolated from your application. It only receives incoming data that your application receives. There is no way a user can trigger it manually without performing the required action that triggers the webhook event.
Restrictive use cases
APIs are universal. You can build an API for anything you want, and you’ll probably use it as an integral component of your app just as widely. You absolutely need and want to use APIs for any kind of app you build.
Webhooks only have restrictive and specific use cases. Sometimes you might not even need them, and their presence is not essential for your application. The use of webhooks depends mainly on the third-party integrations that you manage in your application.
When to use which ones?
When you evaluate the web service that best meets your needs, consider what you want the web service for. If you want to trigger a personalized notification for users who want to know about recent updates on a trending news item, use a webhook. If you want to trigger a custom notification every time a new news item is fetched, use an API. Updating the subscription status of your users is another great webhook use case we’ve seen before.
So where should you use APIs? Finally, everywhere else!
Remember that APIs will always accompany webhooks. For example, in the previous example, when a webhook is triggered to update the user’s payment status, the webhook will optionally make an API call to update this user’s payment status in the database. data.
There is no competition between webhooks and APIs. They are both intended to solve different problems. Webhooks are an attempt to optimize your workflow where an API can add unnecessary complexity. However, they are not here to replace APIs in any way.
I highly recommend that you go ahead and create a little feature that allows you to use webhooks alongside APIs. You can create a simple newsletter app that triggers a Slack webhook to notify you of subscribers who are waiting to hear from you. Or maybe I’ll come back with another post where we build this and see webhooks in action!
The API vs Webhooks: How to know when to use each article appeared first on Traceable App & API Security.
*** This is a Syndicated Blog Security Bloggers Network Blog | Traceable App & Security APIs written by Siddhant Varma. Read the original post at: https://www.traceable.ai/blog-post/api-vs-webhooks-how-to-know-when-to-use-each