DEV Community

Palomino for Logto

Posted on • Originally published at blog.logto.io

Webhooks vs. polling

This article will compare webhooks vs. polling, analyze the advantages and disadvantages of each approach, and discuss when to use which.

Image description
When we build Web apps, we often have multiple services. In the vast majority of cases, they consist of many different Web services working together. In this type of Web app that consists of multiple services, how to transmit data is something that every developer needs to consider.
When it comes to solving this problem, two approaches have become mainstream: webhooks and polling. Each method provides a unique way to fetch and deliver data from one service to another. Choosing one over the other can have a big impact on your application's efficiency, real-time capabilities and overall user experience. This article will compare webhooks vs. polling, analyze the advantages and disadvantages of each approach, and discuss when to use which.

What is polling?

Polling (often referred to as API polling) is the process in which a client requests specific data at regular intervals (let's say, every x seconds), and the server responds with the requested data.

Think of it as asking, “Is there any new data?” at regular intervals. Polling can be implemented via HTTP requests, where the client sends a GET request to the server and the server responds with the requested data.

Imagine that John built an AI documentation product name Doc.AI and uses Logto for user identity management.

Frank is a user who signed up with John's product and created his own personal account. One day, Frank joins a workspace created by his friend David. At that moment, John wants to email Frank to ask him to turn on Multi-Factor Authentication (MFA) to enhance his account security before John grants him access to additional sensitive resources.

John's product backend needs to constantly poll relevant APIs to know when Frank joins David's workspace.
Image description

What is webhook?

A webhook (i.e. "HTTP callback") is a mechanism for real-time data communication, whereby a server will send data to a client when an event occurs. Rather than a client requesting data, a webhook pushes it out to the client every time there is an update.

Think of it as an inbox for your application. When certain events happen - for example, a new user signs up or a payment is made - a webhook will drop a message into the inbox to let your application know what's going on.

Let's continue with our Doc.AI example that we used earlier to explain polling. Here is what the sequence diagram will look like if we are using webhooks to find out if Frank has joined David's workspace:
Image description

Important differences

  • Request origin Polling is initialized by the client (in our example, Doc.AI is client and Logto is the server) and webhook is triggered by event and started by the server.
  • Resource consumption Polling is a waste of computational resource because it sends requests at regular intervals, resulting in low efficiency of computational resources. On the other hand, webhook is initiated by the server "on demand". Compared with polling, both the client and the server consume much less resources.
  • Timing Polling is client-initiated, so the client can control the timing of data acquisition; However, webhook is server-initiated, and the client can only receive and process data. However, due to the different mechanisms of the two, webhook can achieve real-time data synchronization, which cannot be achieved by polling.

Which one should I pick?

Based on the mechanisms of polling and webhooks, the common practice is to choose polling only when the data is frequently updated and the real-time requirement for data is not strict. In other cases webhooks would be a better choice.

However, when choosing to use webhooks, developers need to pay attention to the following concerns:

  1. If the system is highly dependent on the acquired data, it is necessary to consider having a backup plan to acquire data when the webhook fails and data cannot be synchronized, including but not limited to polling or requiring the webhook to have a resend mechanism, etc.
  2. In the client-side endpoint receiving webhooks, API secret and content signature verification, etc. should be applied to prevent hackers from attacking the client by faking the webhook.
  3. As the webhook may send duplicate requests, corresponding processing is required at this time to prevent data duplication and inconsistency.

Logto, as a tremendously popular user identification solution, offers affluent webhook scenes and excellent security. Using Logto as your products identity system, it can be easily integrated and fit various application scenes.

Try Logto Cloud for free

Top comments (6)

Collapse
 
martinbaun profile image
Martin Baun

Love this, very informative.

Collapse
 
sheenazien8 profile image
Sheena Zien

Cool thanks, easily to understand 🔥

Collapse
 
fredg_prod profile image
Frédéric G. (FredG_ProD)

Polling is sometimes the only viable solution when server-initiated flows are restricted to external clients. For real-time communication that originates from the client, WebSockets offer an alternative, although they require the TCP connection to be kept alive, occasionally through a keepalive signal. The webhook methodology can be implemented using the Server-Sent Events (SSE) protocol.

Collapse
 
nikunjbhatt profile image
Nikunj Bhatt

Webhook is for Server to Server HTTP request, not Server to Client. However, request from Server to Client can be implemented if socket is used. But still, first request is sent from Client to Server using socket also.

Collapse
 
_879319853d4e4c13ac31a profile image
Jeffry Christian

It might be more accurate to say "service-to-service" here. When we talk about whether a particular service is a server or a client, the conclusion will vary depending on the use case we are discussing.

Collapse
 
lexlohr profile image
Alex Lohr

You seem to confuse webhooks (server to server) with push notifications. There are alternatives: web socket and webRTC.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.