A webhook is a reverse API call. Instead of your application repeatedly asking a service whether anything has happened, the service notifies you - an HTTP POST to a URL you registered - the moment an event occurs. For forms, the event is a new submission; the payload is the submission data as JSON. Webhooks are the universal adapter for anything email cannot do: creating a CRM contact, opening a ticket, enriching a lead, or starting a background job.
Production-grade webhooks have three requirements that simple ones skip. Deliveries should be signed with an HMAC signature so your endpoint can verify they are authentic. Failed deliveries should be retried with backoff rather than lost. And because retries exist, your handler must be idempotent so processing the same event twice is harmless.
The webhooks pillar guide covers signature verification, retries, idempotency, and replay in depth, and the webhook docs document the payload you receive.
Related terms
HMAC signature
A cryptographic code, computed from a payload and a shared secret, that lets a receiver verify a message is authentic and unaltered.
Form backend
A hosted service that receives, processes, and stores HTML form submissions so your website does not need its own server-side code.
CAPI (Conversions API)
Server-side conversion tracking that sends events directly from your server to an ad platform, bypassing the browser pixel's blind spots.
Read the full guide