1. Beyond The Callback:
Webhook Testing For Modern
Applications
By Dimpy Adhikary, Quality Analyst, Thoughtworks

2. Agenda
01 - Introduction to Webhook
Why/What/How
02 - Webhook Demo
Simple webhook implementation
03 - Challenges in Webhook
What can go wrong
04 - Webhook Testing Strategy
How to test a webhook based application

3. ECOMMERCE
Inventory Management
Use Cases
MARKETING AUTOMATION
Personalized Campaign
HEALTHCARE SERVICES
Patient Data Sharing
FINANCIAL SERVICES
Loan Application
Process
Why Webhook

4. ECOMMERCE
What is Webhook
Source app Payload Destination App
Event Webhook URL
Webhook is a user specified HTTP callback that get
triggered by some event to connect and share data between two applications.

5. How Webhook Works
Register For
The Event In
Source App
Received Data
And Taking Action In
Source App
Repeat
The Process
Waiting For
The Event In Destination
App
Setting Up The
Webhook (Callback URL)
In Source App
Event
Is triggered In
Source App

6. ECOMMERCE
Polling Vs Webhook
Polling Webhooks
Request origin Client Server
Trigger Client-initiated Server-initiated
Frequency Scheduled or continuous Event-driven
Efficiency Less efficient More efficient
Scalability Less scalable More scalable

7. Weather Notification - Webhook Demo
Prerequisite:
- Python (pip install flask,requests)
- Curl
● Users can subscribe to receive weather updates for specific cities.
● When the weather conditions match their preferences, a webhook is sent
to the user's registered endpoint.
Implementation:
- sender.py - Send webhook
notification
- receiver.py - Listen for incoming
weather notification.
Simulation of the event: curl -X POST -H "Content-Type: application/json" -d '{"city": "city1",
"weather": "sunny", "user_endpoints": {"city1": "http://localhost:3000/receive_weather_notification",
"city2": "http://localhost:3000/receive_weather_notification"}}'
http://localhost:5000/simulate_weather_update

8. Challenges in Webhook
Payload
- Contract change
- Missing data
- Invalid data
Configuration
- IP white listing
- Incorrect URL/payload format
- Token expiry
- Incorrect token/credentials
- Wrong event association
- Incorrect rate limiting
Error Handling
- Unhandled errors
- No error retry
mechanism
- No error notification

9. Challenges in Webhook
Performance
- Slow webhook processing
- Timeout error
- Resource exhaustion
- Scalability issues
Resilience
- Availability
- Idempotence
- External dependencies
- Async communication
- Network failures
Security
- Unauthorized access
- Data breaches
- Replay attacks
- DoS attacks
Compliance
- Data privacy regulations
(GDPR)
- Financial regulations (PCI)
- Industry-specific
regulations (HIPPA)

10. Testing
Strategy
Functional Testing
- Configuration
- Error handling
- Integration
- User journey
Reliability Testing
- Simulating failures
- Infra testing
- Retry mechanism
- Monitoring
Performance Testing
- Load/Stress/Volume testing
Contract testing
- Payload/schema
- Consumer/provider
driven
Compliance Testing
- Data compliance
- PCI/PII
Security Testing
- OWASP top 10
- Attack simulation