FWIW, http://fanout.io is a SaaS that can do webhooks distribution. No introspection yet though.

And then you have to inform the service when there are relevant changes which requires secure communications to the service, retry attempts in the event of failure, and debugging...?

What kinds of consumers, you mean? I've found them most useful for integration with new hosted services that haven't yet made it onto the external services list provided out-of-the-box by Github. For instance, when you want to try out (or develop) some new project tracker or hosted CI solution.

I'm a little surprised they still don't offer any auth configuration for webhooks the way they do for most external services, so you're stuck with basic auth on the post-receive URL.

There's some HMAC-SHA1 available but it's hidden in their REST API. I really don't understand why the option is not available via their web interface, especially since it is already supported in their backend.

Yea, it's definitely true in the Stripe world. I end up re-writing boiler plate for each project. (i.e, send a receipt from this webhook, etc.)

I ended up writing an independent service for it[1], but it'd be cool to let someone else deal. Also, to make receipts nice, and so on.

[1]: https://github.com/pearkes/stripe-hooks

We can help with the introspection: http://blog.runscope.com/posts/api-providers-build-a-twilio-...

xp-dev.com has had webhooks since 2010-ish:

https://xp-dev.com/docs/d/user-guide/repositories/webhooks