I'm very excited to finally announce Standard Webhooks! We have been working on it for almost a year with some amazing partners. Gathering feedback, exploring use cases, debating aspects of the spec, and refining it to what we have in front of us today.
It's only been out for a few days, but it's already making an impact in the industry, being adopted by a variety of different tools, and getting feedback and contributions from the community.
So what is it? Standard Webhooks is an initiative to standardize webhooks and make them better for producers, consumers, and the ecosystem as a whole. In practice, it is a set of open-source tools and guidelines for sending webhooks easily, securely, and reliably.
You can read more about it at https://github.com/standard-webhooks/standard-webhooks or https://www.standardwebhooks.com/.
Webhooks are becoming increasingly popular and are used by many of the world's top companies for sending events to users of their APIs. However, the ecosystem is fragmented, with each webhook provider using different implementations and varying quality. Even high-quality implementations vary, making them inherently incompatible. This fragmentation is a pain for the providers and consumers, stifling innovation.
For consumers, this means handling webhooks differently for every provider, relearning how to verify webhooks, and encountering gotchas with bespoke implementations. For providers, this means reinventing the wheel and redesigning for issues that have already been solved (security, forward compatibility, etc.).
We proposed a simple solution: standardize webhooks across the industry. We codified a set of strict webhook guidelines based on the existing industry best practices.
While creating the spec, we made two important design decisions. The first is to meet people where they are. This means that we wanted to follow and codify industry best practices rather than invent our own best practices. The second is to not be overly strict and let people be able to conform without forcing breaking changes, even if it means not all implementations will get all of the benefits the specification provides.
Another guiding principle was that it's better to have a widely adopted great spec, than an unused perfect one. It's our job to continue building tools to make it easier to build conforming implementations than non-conforming ones.
I'm extremely proud of what we have created, and I think it can have a massive impact on the industry (already starting). I'm also extremely excited by the quality of the people working on it and how much I've learned from working with everyone on this. I think about webhooks all day every day, and I've seen thousands of different implementations in a variety of industries due to my work on Svix; though I still learned so much from everyone's feedback and perspective and from the process of writing this spec with everyone.
So I wanted to take a moment to give a big shoutout to fellow technical steering committee members: Brian Cooksey from Zapier, Ivan Gracia from Twilio, Jorge Vivas from Lob, Matthew McClure from Mux, Nijiko Yonskai from ngrok, Stojan Dimitrovski from Supabase, and Vincent Le Goff from Kong. I'm excited to continue working on this with you all. Big thanks to everyone else who provided feedback on the spec: the Svix team, Brian Krausz, Jeff Lindsay, and many others.
I strongly believe "Standard Webhooks" can do to webhooks what JWT did to API authentication. Having a common protocol that is consistent will enable a variety of implementations to interoperate. This also means less redundant code, fewer security issues, and new tools and innovation in the ecosystem.
We are already starting to see the results of this spec: ngrok has built-in support for Standard Webhooks, we created a few reusable testing tools, there is the set of [webhook verification libraries](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries), and much more. This means that every Standard Webhooks compatible implementation can now benefit from all of these with no additional effort.
Svix customers are Standard Webhooks compatible out of the box, which means that Svix customers get all of the above benefits for free as well. Additionally, as the ecosystem continues to grow, all of the compatible implementations will work with even more tools and services.
There are many additional benefits in the pipeline. For example, one of the most painful aspects of webhooks is the signature verification (we see it all the time with our customers' consumers). With Standard Webhooks, API gateways like Kong can just implement it on their end, saving their customers the hassle. Tools like Zapier, for example, can have built-in support for the verification as well, making it transparent to their customers.
There are many more use cases that I'm excited by, but I'm most excited by all the use cases that we haven't even thought about yet. I can't wait to see where the community takes this.
For more information, please take a look at:
- The website: https://www.standardwebhooks.com/
- The Github repo (and spec): https://github.com/standard-webhooks/standard-webhooks
Also published here.