What is a webhook?
A webhook is a mechanism for one application to push real-time event notifications to another via HTTP POST. When something happens in the sender application (a new lead is captured, a payment is received, a WhatsApp message is delivered), the sender calls a URL on the receiver with event data, typically in JSON format. The receiver processes the event and responds with an HTTP 2xx status code.
Webhooks are sometimes called "reverse APIs" because they invert the typical request-response pattern. Where an API has the client asking the server for data, a webhook has the server pushing data to the client. Both have their place: APIs for on-demand queries, webhooks for event notifications.
For Indian solar SaaS, webhooks are the backbone of real-time integration. Lead captured in CRM → webhook to accounting tool. Payment received in Razorpay → webhook to CRM updating status. e-Invoice IRN generated → webhook to ERP. WhatsApp message delivered → webhook to CRM status update. These integrations would otherwise require expensive polling.
Why webhooks matter
For solar EPCs running multiple tools, webhooks enable real-time data flow without manual sync. A payment confirmed in Razorpay shows up instantly in the CRM, not after a 15-minute polling cycle. A subsidy approval triggers customer notification immediately, not after the next batch job.
For SaaS vendors, webhooks are part of the standard API offering. Customers and partners expect webhooks for event-driven integration. SaaS without webhook support cannot integrate cleanly with modern automation tools like Zapier and Make.
For automation, webhooks are the foundation of no-code orchestration. Zapier, Make, n8n, and similar tools heavily use webhooks for triggers and actions. A solar EPC team without engineering can build sophisticated workflows by connecting webhooks across tools.
How a webhook flow operates
- Receiver provides URL. HTTPS endpoint with handler.
- Sender configured. URL registered for specific events.
- Event occurs. In sender system.
- Sender constructs payload. JSON with event data.
- HMAC signature added. For authentication.
- HTTP POST sent. To receiver URL.
- Receiver verifies signature. Authenticate sender.
- Receiver processes event. Business logic.
- Receiver responds 2xx. Acknowledges receipt.
- Retry on failure. Exponential backoff.
Benefits of webhooks
- Real-time integration. No polling delay.
- Efficiency. Data flows only when relevant.
- Workflow automation. Foundation for Zapier and Make.
- Decoupled systems. Loose integration.
- Event-driven architecture. Modern pattern.
- Scalability. Asynchronous handling.
- Cost. Fewer API calls than polling.
Limitations and challenges
Receiver availability. URL must be online.
Signature verification. Implementation effort.
Idempotency handling. Duplicate events possible.
Order delivery. Events may arrive out of order.
Retry logic. Failed deliveries need careful handling.
Debugging. Harder than synchronous API calls.
Webhook use cases for Indian solar SaaS
| Trigger | Action via webhook |
|---|---|
| Lead captured in CRM | Sync to accounting and notification |
| Razorpay payment received | CRM payment status update |
| e-Invoice IRN generated | ERP and CRM update |
| WhatsApp message delivered/read | CRM status update |
| Subsidy approved on portal | Customer notification |
| Net metering meter installed | Project status update |
Quick facts
| Definition | HTTP POST event notification |
|---|---|
| Direction | Push (server to client) |
| Format | JSON over HTTPS typically |
| Security | HMAC signature, IP allowlist |
| Retry | Exponential backoff, up to 24h |
| Receiver | HTTPS endpoint or Zapier/Make |
| Related | API, OAuth, automation, idempotency |
Common mistakes about webhooks
- No signature verification. Spoofing risk.
- No idempotency handling. Duplicate processing.
- HTTP (not HTTPS). Data exposure.
- Slow handler (over 30 seconds). Sender timeout.
- Returning non-2xx. Sender retries indefinitely.
- No retry budget. Failed deliveries lost forever.
- Hardcoded URLs. Inflexible to URL changes.
- No logging. Cannot debug.
Key takeaways
- Webhook pushes real-time event notifications via HTTP POST.
- Reverse API: server initiates, client URL receives.
- Powers real-time integration without polling.
- Foundation for Zapier and Make automation.
- For Indian solar SaaS, connects payment, accounting, messaging, CRM.
- Signature verification and idempotency are essential.
- Exponential backoff retry handles transient failures.
Frequently Asked Questions
What is a webhook?
A webhook is a mechanism for one application to push real-time event notifications to another via HTTP POST. When something happens in App A (new lead, payment received, message delivered), App A calls a URL on App B with event data. Webhooks are 'reverse APIs': instead of App B polling App A, App A pushes to App B.
How is a webhook different from an API?
API is pull (client requests, server responds). Webhook is push (server initiates, client URL receives). APIs are good for on-demand queries; webhooks are good for event notifications. Most SaaS provides both for different use cases.
What webhook events do solar CRMs support?
Lead created, lead status changed, proposal viewed, payment received, customer onboarded, document signed, support ticket opened, integration sync completed. Each event triggers a webhook call to any configured listener URL.
How does a webhook work end-to-end?
Recipient app provides a URL endpoint. Sender app is configured with that URL. Event happens in sender. Sender sends HTTP POST to the URL with event payload (typically JSON). Recipient processes the event and responds with 2xx HTTP code. Sender retries on failure.
Why use webhooks instead of polling?
Polling is wasteful (most checks return nothing). Webhooks are efficient (data arrives only when relevant). Webhooks enable real-time integration; polling adds latency. Quality SaaS provides webhooks for event-driven integration patterns.
What is webhook security?
Webhooks should be authenticated to prevent forged events. Common patterns: signed payloads (HMAC SHA-256 signature in header, verified by recipient), shared secrets, IP allowlisting. Quality SaaS publish webhook signature verification documentation.
What is webhook retry logic?
If recipient does not return 2xx HTTP code, sender retries the webhook with exponential backoff. Typical retry windows: immediate, 1 minute, 5 minutes, 30 minutes, 2 hours, 12 hours. Quality SaaS retry for up to 24 hours before giving up.
What is idempotency?
The property that processing the same event multiple times produces the same result. Since webhooks may be retried (and may sometimes deliver duplicates), recipients must handle idempotency. Use unique event IDs to detect and skip duplicates.
How are webhooks used in Indian solar SaaS?
Lead generated in QuickEstimate → webhook to accounting tool. Payment received in Razorpay → webhook to CRM. WhatsApp message delivered → webhook to CRM status update. e-Invoice IRN generated → webhook to ERP. Webhooks connect tools in real-time workflows.
What is the relationship between webhooks and Zapier/Make?
Zapier, Make, and similar automation platforms heavily use webhooks. A 'trigger' in Zapier often subscribes to a webhook from one app and forwards to actions in others. Webhooks are the underlying mechanism; Zapier provides the no-code orchestration.
Can I receive webhooks if I do not have a server?
Yes through webhook-to-action services. Zapier 'Webhooks by Zapier' receives HTTP POST and triggers Zapier flows. Make's 'Custom Webhook' module does the same. No-code Indian solar EPCs can integrate webhooks without dedicated infrastructure.
Are webhooks DPDP compatible?
Yes with proper handling. Webhooks may carry personal data; receivers must process per consent and purpose. Encryption in transit (HTTPS), signature verification, and access controls support DPDP compliance.
Run your solar business on QuickEstimate
India's mobile-first solar CRM. Send subsidy-ready proposals on WhatsApp in 60 seconds. Free for 10 proposals a month, no card.
Start free →Sources
- Stripe webhook documentation. Industry reference.
- Razorpay webhook documentation. Indian payment patterns.
- Twilio webhook patterns.
- Zapier and Make documentation. No-code webhook flows.
- QuickEstimate API and webhook documentation.
- OWASP webhook security guidance.
- Webhooks.fyi. Industry best practices.
Written by QuickEstimate Editorial, QuickEstimate Editorial (Surat).
Last updated: 4 June 2026.