מתי להשתמש
"Webhook", "Event-driven", "Real-time", "Polling vs webhook", "Webhook security".
הוראות עבודה
1. Webhook = Reverse API
במקום לשאול ("Got new orders?") כל דקה, השרת מתקשר אליך כשיש משהו.
Polling vs Webhook
| Polling | Webhook | |
|---|---|---|
| Latency | 1-15 min | < 1 sec |
| Cost | Many requests | 1 request per event |
| Complexity | Simple | Setup webhook receiver |
| Reliability | Always works | If endpoint down — lost |
2. How Webhooks Work
- You register webhook URL with service.
- Event happens (new order, form submit).
- Service POSTs JSON to your URL.
- You receive + process.
- You respond 200 OK (acknowledge).
3. Setting Up — In No-Code
Zapier
- Trigger: "Webhook by Zapier" → "Catch Hook".
- Get unique URL.
- Paste in service settings.
Make.com
- Module: "Webhooks" → "Custom Webhook".
- Get URL.
- Configure.
n8n
- Trigger: "Webhook".
- Configure path, method.
4. Webhook Security
Problem
- Anyone with URL can POST garbage.
Solution: HMAC Signature
1. Service computes HMAC of body using shared secret.
2. Sends signature in header (X-Signature).
3. You compute HMAC on received body.
4. Compare. Match = authentic. Mismatch = reject.
Implementation
- Most providers (Stripe, GitHub, HubSpot) provide secret.
- Verify in code or via Make/n8n function nodes.
5. Retry Logic
Provider's responsibility (typically)
- Retry 3-5 times on non-2xx response.
- Exponential backoff (1s, 5s, 30s, 5m).
- Eventually marked failed → manual replay.
Your responsibility
- Respond fast (< 5 sec).
- Idempotent processing (handle duplicates).
- Queue if processing slow.
6. Idempotency — Critical
Problem
- Webhook delivered twice → 2 duplicate records.
Solution
- Each webhook has unique ID.
- Store processed IDs.
- Skip if already seen.
7. Queueing (when processing slow)
Pattern
- Webhook receives → push to queue (RabbitMQ/SQS/Redis).
- Respond 200 immediately.
- Worker processes from queue async.
Why
- Webhook timeout = 5-30 sec.
- Long processing → miss webhook.
8. Debugging Tools
Local Development
- ngrok (free) — tunnel localhost to public URL.
- localtunnel — alternative.
Inspect Payloads
- RequestBin / Webhook.site — capture + view incoming.
- Postman Mock Server.
Replay
- Most providers have "Resend" button in dashboard.
9. Common Use Cases
A. Stripe Payment → CRM
Stripe webhook: payment_succeeded
→ Make scenario receives
→ Create/update customer in HubSpot
→ Send Slack alert
B. GitHub Push → Deployment
GitHub webhook: push event
→ Trigger CI/CD
→ Deploy
C. Form → Multiple Systems
Typeform webhook
→ Zapier/Make
→ Branch:
- Add to CRM
- Notify Slack
- Send confirmation email
10. Common Pitfalls
❌ Slow processing — webhook times out, retries pile up. ❌ Not idempotent — duplicate records. ❌ No HMAC verification — security risk. ❌ No retry handling on your side — lost events. ❌ Webhook URL in source code — exposed.
11. Best Practices
- Respond fast (< 1 sec ideally).
- Queue heavy work.
- Verify HMAC in production.
- Log everything for debugging.
- Monitor failures (alert if 5+ in row).
- Keep secret rotated.
12. אסיים בהמלצה.
קלט נדרש
| פריט | תיאור |
|---|---|
| Source service | הספק |
| Destination | מה לעשות עם המידע |
| Volume | events/day |
| Tool | Zapier/Make/n8n |
פלט צפוי
| רכיב | תיאור |
|---|---|
| Webhook setup | steps |
| Security | HMAC plan |
| Idempotency | how to handle |
| Retry strategy | מה אם נופל |
| המלצה | פעולה אחת |
דגלים אדומים
- 🚨 Slow webhook receiver — pile of retries.
- 🚨 No HMAC — anyone can POST.
- 🚨 No idempotency — duplicates.
- ⚠️ No monitoring — silent loss.
הערות חשובות
- Webhooks > Polling almost always.
- Test with ngrok before deploying.
- Save sample payloads for tests.
פרומפט לדוגמה
Stripe webhook → HubSpot. Build it in Make.
Webhook getting 3-5 retries. למה ואיך לתקן?
Verify webhook signature ב-n8n. איך?
© 2026 Automation Expert Pro | גרסה 1.0.0