# Webhooks
## Why use Webhooks?
Webhooks are a powerful way for web applications to communicate with each other in real time. They enable one application to send automatic messages or information to another application as soon as a specific event occurs without requiring a request to be made to retrieve that information. This method of communication is event-driven and allows for immediate action, making it an essential tool for enhancing interactivity and responsiveness within and between applications. Whether updating a database, sending a notification, or triggering a series of actions, Webhooks provide a flexible and efficient means to automate workflows and improve user experiences.
## KORE Webhooks Overview
KORE offers several ways to configure Webhooks.
* Through an API call with a callback URL
* Configuring resources in a user interface with a callback URL
* Configuring a Webhook destination on Event Streams
### HTTPS
All Webhook endpoints you configure with KORE must be using HTTPS. KORE will not connect to an HTTPS URL with a self-signed certificate.
### Headers
Every event sent by KORE will contain headers. A subset of the ones to take note of are as follows.
| Property | Custom Header? | Detail |
| --------------------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [kore-idempotency-token](https://docs.korewireless.com/developers/webhooks/idempotency) | Yes | KORE Webhook supports [idempotency](https://en.wikipedia.org/wiki/Idempotence) for safely retrying requests without accidentally performing the same operation more than once. |
| [kore-signature](https://docs.korewireless.com/developers/verifying-callbacks-from-kore#signing-webhooks) | Yes | A signature that KORE signs so that developers can validate the source. |
| user-agent | No | The value will always be KoreProxy/1.1 |
| date | Yes | UTC date
(format: '%Y-%m-%dT%H:%M:%SZ')
|
### Best Practices
#### Quickly return a 2XX Response
When KORE sends an event to your configured Webhook URL, it will wait a pre-determined amount of time for a successful response (`2XX`) before failing, as defined in the connection settings property [Read Timeout](https://docs.korewireless.com/developers/webhooks/connection-settings).
If you have any complex or long-running operations, return a `2XX` response immediately and continue processing the information received.
#### Handling Duplicate Events
There may be a chance KORE sends the same event more than once. You can safeguard against this by logging and comparing the [idempotency](https://docs.korewireless.com/developers/webhooks/idempotency) tokens you receive in the header. The idempotency Token will not change if the same event is sent more than once.
#### Validate the authenticity of requests to your endpoint
KORE strongly encourages you to follow our [guide](https://docs.korewireless.com/developers/how-to/webhooks/validate-webhook-signatures) to validate that the events KORE has sent are indeed coming from KORE.
This will allow you to verify:
1. The contents haven't been tampered with
2. The events are coming from KORE.
{% hint style="warning" %}
KORE sends Webhook events from a pool of IPs; there is no specific range you can rely on to validate the Webhook are coming from KORE.
{% endhint %}
## Webhook Management Portal
KORE offers a [management portal](https://build.korewireless.com/webhook) and an API to configure your Webhook secrets.
## Getting Started with Webhooks
If you are new to Webhooks or looking to implement it in your applications, this [guide](https://docs.korewireless.com/developers/get-started/webhooks) will walk you through the basics, including how to set them up, send, and receive data.