Webhooks invert the polling model. Instead of you asking "anything new?" every 30 seconds, the provider tells you the moment an event fires. They're the backbone of every modern integration — Stripe payments, GitHub pushes, Slack messages, Twilio SMS deliveries.
A webhook is a normal HTTP POST. The body is JSON describing what happened. There's almost always a signature header (Stripe-Signature, X-Hub-Signature-256, X-Shopify-Hmac-Sha256) so your server can prove the message came from the provider rather than an attacker who found your URL.
Development is harder than prod because webhooks need a public HTTPS URL — your localhost can't receive them directly. Tools like lrok solve this by tunneling localhost to a public URL during development.