A webhook is an HTTP request fired by one system to notify another that something happened. Think of it as a phone call that says 'event X just occurred at 14:32 UTC, here are the details.' The receiving system reacts.

Webhooks for real-time events. Polling for cases where you cannot control the source or where you genuinely only need data on a schedule. Avoid polling APIs that charge per request - the cost adds up.

Zapier is the leader in mainstream no-code automation - polished, expensive, simple to start. n8n is open-source, self-hostable, and dramatically more flexible at scale. Choose Zapier for speed-to-value, n8n for cost control or compliance.

Three different tools for three different shapes. Read our comparison: Temporal deep-dive and Inngest vs Temporal.

Three layers: signature verification (HMAC of the request body using a shared secret), IP allow-listing where the sender publishes IPs, and idempotency keys to prevent duplicate processing. Skipping signature verification is the most common mistake.

Most major platforms allow 100-1000 webhook calls per minute per receiver. Plan for 5x your steady-state volume to handle bursts. Use a queue (SQS, Redis, RabbitMQ) between the webhook receiver and your processing logic.

Order: confirm the source platform sent the event (provider logs), confirm DNS resolves, confirm TLS handshakes succeed, confirm the receiver returns 2xx within 10 seconds. Most failures are TLS or timeout, not logic.