We're pleased to announce the launch of Standard Webhooks!
Kong has been part of the Technical Committee of this standard with other great companies like Svix (the initiator of the project), Ngrok, Zapier, Twillio, Lob, Mux, and Supabase. This was a year-long effort of gathering feedback, use cases, and debating about what and how to define what landed.
Standard Webhooks is one initiative to standardize the way producers and consumers can have a contract to communicate. This materializes by open-source repositories containing sets of guidelines and libraries to make those contracts secure and easy to integrate.
More details are available on the GitHub repository and the official website.
Webhooks act as HTTP callbacks that enable services to notify one another about events. They function as a "reverse API," where instead of a client initiating requests to a service via an API call, the service proactively triggers a webhook to push updates to the client. For example, a service might trigger webhooks for events like "a user has paid" or "task is complete."
Webhooks facilitate server-to-server communication. The client/customer and the service providers involved typically operate their own HTTP servers — one server to receive API calls, and another to receive incoming webhooks. While webhooks often complement traditional APIs, this is not a requirement. Some services rely solely on webhooks for push notifications rather than offering APIs for clients to poll for updates.
Webhooks are becoming increasingly popular and are used by many of the world's top companies for sending events to users of their APIs. However, the ecosystem is fragmented, with each webhook provider using different implementations and varying quality. Even high-quality implementations vary, making them inherently incompatible.
For consumers, this means handling webhooks differently for every provider, relearning how to verify webhooks, and encountering gotchas with bespoke implementations. For providers, this means reinventing the wheel and redesigning for issues that have already been solved (security, forward compatibility, etc.). This fragmentation is a pain for the providers and consumers, stifling innovation.
The proposal is simple: standardize webhooks across the industry. We codified a set of strict webhook guidelines based on the existing best practices.
Another guiding principle was that it's better to have a widely adopted great spec than an unused perfect one. It's by this north star that the team is building a great developer experience toolset.
If you're a Kong Konnect user, you might already be aware of the audit-logging feature which uses webhooks. This is Konnect's first webhook feature and engineering is working on more for 2024.
The lack of a standard in this ecosystem makes our implementations heterogeneous from the consumer point of view, as teams need to be in sync on how we expose X, Y, and Z. This leads to slower development and potential developer/consumer frictions.
From the engineering standpoint, Kong Konnect already consumes several vendor webhooks, and the “relearning how to verify webhooks, and encountering gotchas with bespoke implementations,” is definitely something we'd like to abstract from our developments.
Many other fields have been already solved, like authentication and authorization with OIDC, zero trust with mTLS, and API definitions with OpenAPI. Now it's the time for webhooks.
As Kong is a core contributor to the project, we’ll strive to promote this standard via our products either in Kong Konnect, Kong Gateway, or Kuma.
APIs are the connective tissue of digital products and services, and they're the lifeblood of AI. APIs shape customer experiences, power partner ecosystems, and accelerate enterprise innovation. As organizations double down on API-first strategies,
The pace of the industry today is pressuring software developers to build, test, and release software more frequently than ever. To achieve this pace, teams have built two core processes into their workflow: Continuous Integration and Continuous Dep
While JSON-based APIs are ubiquitous in the API-centric world of today, many industries adapted internet-based protocols for automated information exchange way before REST and JSON became popular. One attempt to establish a standardized protocol sui
This post is part of a series on becoming a secure API-first company. For a deeper dive, check out the eBook Leading Digital Transformation: Best Practices for Becoming a Secure API-First Company . The growth of APIs isn't just rapid — it's a seism
In this Kong Konnect tutorial, you'll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface. We’ll run through how to: Use Konnect Runtime Manager to set up your own Kong Gateway runtime instance i
There are many different ways to deploy Kong Gateway. In this post, Viktor Gamov (Principal Developer Advocate at Kong) walks through the four most popular ways. Depending on your particular use case, you may find that one or more of these is a goo
Developers will remember times when they were trying to figure out why something they were working on wasn’t behaving as expected. Hours of frustration, too much (or perhaps never enough) caffeine consumed, and sotto voce curses uttered. And then