Webhooks are a pillar of modern application development. They notify us of that new commit, an incoming text message, our email was delivered, and a payment was processed. Our systems can't function without webhooks sending data seamlessly and securely across the internet. But what happens if they're not secure? What happens if your webhooks are intercepted, manipulated, or even replayed against your systems? What are the best ways - as both a provider and consumer - to protect our systems? In this session, we'll delve into the 100+ implementations we explored to build webhooks. fyi to identify the best and worst patterns to protect our systems now and in the future.
Webhooks: The Good, The Bad, and the Ugly
Presented by Keith Casey
Keith Casey serves on the Product/GTM Team at ngrok helping teams launch their systems faster and easier than ever before. Previously, he served on the Product Team at Okta working on Identity and Authentication APIs, as an early Developer Evangelist at Twilio, and worked to answer the Ultimate Geek Question at the Library of Congress. His underlying goal is to get good technology into the hands of good people to do great things. In his spare time, he writes at CaseySoftware.com and lives in the woods. He is also a co-author of "A Practical Approach to API Design."