Sign in Subscribe
Software

Webhooks: What They Are & How We Use Them at Hoomanely

Umang Kedia

Umang Kedia

6 min read
Webhooks: What They Are & How We Use Them at Hoomanely

Modern apps depend on instant communication between systems — payment gateways, shipping partners, analytics tools, marketing automation, and your own backend. Webhooks are the invisible mechanism that makes all of this work in real time.

If APIs are pull-based (you ask for data), webhooks are push-basedthe other system sends data to you automatically whenever something important happens.

This makes webhooks perfect for scenarios like:

  • order updates
  • payment success/failure
  • shipping events
  • email delivery status
  • app install attribution
  • IoT/device callbacks

In this blog, we'll break down what webhooks are, why they matter, and how we use them inside the Hoomanely ecosystem to run a smooth e-commerce + mobile app + pet-care platform.

1. What Exactly Is a Webhook?

A webhook is a server-to-server HTTP callback triggered when an event occurs.

Example: Customer completes payment → Razorpay instantly sends a POST request to your backend → you act on it.

Webhooks = Events → HTTP POST → Your Server

This makes them:

  • real-time
  • automated
  • efficient
  • perfect for integrations

Instead of asking "Has something changed?" every minute, the provider tells you instantly.

The Problem Webhooks Solve

Before webhooks, systems relied on polling — repeatedly checking if something changed. This meant:

  • Wasted API calls (thousands of requests with no new data)
  • Delays (you only check every X minutes)
  • Server load (constant unnecessary traffic)
  • Increased costs (more requests = higher bills)

Webhooks flip this model: the provider notifies you the moment something happens. This is why every modern SaaS platform offers webhooks.

2. API vs Webhook

Feature API Webhook
Who starts it? You (client) External system
How often? Whenever you call Whenever event happens
Latency Depends Instant
Best for fetching data event notifications

Use APIs when you need data, use webhooks when the system should notify you.

Real-World Analogy

API: You call the restaurant every 5 minutes asking, "Is my order ready?"

Webhook: The restaurant calls you once your order is ready.

Which one is smarter? Webhooks.

3. How a Webhook Works (Step-by-Step)

  1. An event occurs (e.g., payment success)
  2. Provider prepares event payload (JSON)
  3. Provider signs the request (HMAC or signature)
  4. Provider POSTs to your webhook URL
  5. Your server validates the signature
  6. Your server processes the event
  7. You respond with 200 OK
  8. Provider retries if your server is down

That's it — simple, powerful, reliable.

Example Webhook Payload (Razorpay Payment)

{
  "event": "payment.captured",
  "payload": {
    "payment": {
      "id": "pay_ABC123XYZ",
      "amount": 49900,
      "currency": "INR",
      "status": "captured",
      "order_id": "order_XYZ789",
      "email": "customer@example.com",
      "contact": "+919*********"
    }
  },
  "created_at": 1704067200
}

Your server receives this, validates it, and processes the order — all in milliseconds.

4. Securing a Webhook

Webhooks carry sensitive information. Good systems must verify:

✔ Signature (HMAC-SHA256)

Confirm the event actually came from the provider.

Why it matters: Anyone could POST fake data to your webhook URL. Signature verification ensures authenticity.

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return signature === expectedSignature;
}

✔ Idempotency

Avoid double-processing events when retries happen.

Implementation: Store a unique event_id in your database. If you've already processed it, skip it.

✔ Rate limiting & throttling

Prevent spam or unexpected load.

✔ Logging & monitoring

Every webhook should be traceable.

Best practice: Log the raw payload, signature, timestamp, processing status, and any errors.

✔ IP whitelisting (if provided)

Accept requests only from official provider IPs.

✔ Use HTTPS Always

Never expose webhook endpoints over HTTP. Always use SSL/TLS encryption.

In short: never trust a webhook blindly.

5. Common Webhook Challenges & How to Handle Them

Challenge 1: Retries & Duplicate Events

Providers retry failed webhooks. Your system might receive the same event multiple times.

Solution: Use idempotency keys to track processed events.

Challenge 2: Out-of-Order Events

Events might arrive out of sequence (e.g., "shipped" arrives before "picked up").

Solution: Use timestamps and state machines to handle order logic correctly.

Challenge 3: Webhook Downtime

If your server is down, you miss events.

Solution: Providers usually retry for 24-72 hours. Have fallback polling for critical events.

Challenge 4: High Traffic Spikes

During flash sales, thousands of webhooks hit your server simultaneously.

Solution: Use message queues (SQS, RabbitMQ) to buffer and process asynchronously.

6. Webhooks in Action at Hoomanely

Hoomanely uses webhooks to connect payments, orders, shipping, marketing, attribution, and internal operations — making the whole system feel real-time and automated.

Here are the major real-life use cases.

6.1 Razorpay → Payment Confirmation Webhooks

When a customer pays:

  • Razorpay sends a webhook to our backend
  • We verify the signature
  • Create/update the order
  • Trigger Shopify draft order creation
  • Update the app instantly
  • Send confirmation email + push notification

This ensures payments are 100% verified and tamper-proof.

Why this matters: Without webhooks, we'd have to poll Razorpay every few seconds, creating delays and unnecessary load.

6.2 Shopify → Order & Fulfillment Webhooks

Shopify sends webhooks for:

  • order created
  • order paid
  • order fulfilled
  • order cancelled
  • order refunded
  • inventory updated

We use these events to:

  • sync order status with the mobile app
  • trigger shipping flows
  • track customer lifecycle
  • update analytics
  • send notifications
  • manage inventory

This ensures the app & dashboard always show accurate order status.

6.3 Shiprocket → Shipping Updates

Shiprocket sends event updates like:

  • label generated
  • pickup scheduled
  • shipped
  • in transit
  • out for delivery
  • delivered
  • failed delivery
  • returned

We process these via webhook → update internal databases.

Shipping feels real-time without us polling anything.

User experience impact: Customers see live tracking updates in the app without refreshing.

6.4 Customer.io → Email Status Webhooks

Customer.io sends:

  • delivered
  • opened
  • clicked
  • bounced
  • unsubscribed
  • spam reported

We use these events for:

  • analytics
  • campaign optimization
  • user behavior mapping
  • segmentation
  • re-engagement triggers

This improves communication quality with users.

Business value: We can identify which emails drive conversions and optimize future campaigns.

6.5 AppsFlyer → Install Attribution Webhooks

AppsFlyer sends install attribution data via:

  • install callbacks
  • re-engagement callbacks
  • in-app event callbacks
  • uninstall callbacks

We sync this with:

  • backend
  • CRM
  • analytics
  • internal dashboards

This helps us understand which campaigns bring installs and revenue.

ROI tracking: Know exactly which ad spend drives actual purchases, not just installs.

6.6 Internal Webhooks → Slack Alerts

We also send outgoing webhooks to Slack when:

  • Critical failures occur
  • payments fail
  • API errors spike
  • Suspicious logs appear
  • Lambda exceptions happen
  • high-value orders complete

This keeps engineering & operations always informed.

Operational efficiency: No one needs to check dashboards constantly — alerts come to us.

6.7 Stripe/Payment Gateway Webhooks for Subscriptions

For subscription-based services (if applicable):

  • subscription created
  • payment succeeded
  • payment failed
  • subscription cancelled
  • trial ending
  • card expiring

Use case: Auto-renew pet care plans, notify users before renewal, handle failed payments gracefully.

7. Why Webhooks Matter for Hoomanely

Webhooks allow Hoomanely to operate like a fully connected real-time platform:

✔ Instant order updates in app

No refresh button needed.

✔ Real-time shipping notifications

Users always know their delivery status.

✔ Accurate payment verification

Prevents fraud & double-charging.

✔ Automated workflows

No one manually checks dashboards.

✔ Seamless e-commerce + app sync

Shopify ↔ Razorpay ↔ Shiprocket ↔ Backend ↔ App

✔ Advanced analytics

Install attribution, Email performance, Conversion insights

✔ Reduced engineering load

Systems talk to each other automatically.

✔ Better customer experience

Real-time updates create trust and transparency.

✔ Scalability

Handle 10x traffic without changing architecture.

Simply put:

Webhooks glue the entire Hoomanely ecosystem together.

8. Best Practices for Webhooks at Scale

Here are the rules we follow:

✔ Keep endpoints simple & fast

Return 200 OK quickly — heavy tasks go to a queue.

Target: Respond in under 100ms.

✔ Use queues (SQS, RabbitMQ)

Prevents failures during traffic spikes.

✔ Keep handlers idempotent

Repeat events must not break logic.

✔ Log everything

Every event has full traceability.

What to log: Raw payload, headers, signature, timestamp, processing result, errors.

✔ Set timeouts & retries

To handle provider retry behavior.

✔ Store raw payload

Useful for audits and debugging.

✔ Monitor failure rate

If retries spike → something is broken.

✔ Use environment-specific URLs

Separate webhook URLs for dev, staging, and production.

✔ Test webhooks thoroughly

Use provider test modes and webhook testing tools like webhook.site.

✔ Have fallback mechanisms

Combine webhooks with periodic polling for critical events (insurance against missed webhooks).

These practices make a webhook system production-ready.

9. Tools & Resources for Working with Webhooks

Testing & Debugging

  • webhook. site — inspect incoming webhooks
  • ngrok — expose local servers for testing
  • Postman — simulate webhook calls

Monitoring

  • Datadog, New Relic — track webhook performance
  • Sentry — catch and debug errors
  • CloudWatch Logs — AWS-based monitoring

Security

  • Let's Encrypt — free SSL certificates
  • AWS WAF — protect webhook endpoints
  • Rate limiting middleware — prevent abuse

Conclusion

Webhooks are one of the simplest concepts in web development — yet they power some of the most critical workflows in modern apps.

From payments to shipping to marketing to analytics, Hoomanely uses webhooks to create a smooth, fully automated, connected experience across mobile, e-commerce, backend systems, and operations.

They help us:

  • process events instantly
  • sync multiple platforms
  • automate repetitive tasks
  • deliver real-time updates
  • optimize user communication
  • improve reliability & speed
  • reduce infrastructure costs
  • scale effortlessly

In today's world of fast-moving mobile ecosystems, webhooks are not just a feature — they are the backbone of modern system integration.

Whether you're building an e-commerce platform, a SaaS product, or a mobile app, understanding and implementing webhooks correctly is essential for creating seamless, real-time experiences that users expect.

Read more