Webhook

Fires

When an HTTP POST request is received

When the workflow is run manually

Ouptut

✳️ HTTP JSON Body (JSON)

Ⓜ️ HTTP Metadata (object) (Optional)

Runs the workflow when an HTTP POST request is received.

Optionally, a JSON body can be specified to pass data into the workflow’s first action. See the Technical Details section below for more information.

Configuring the Webhook

When you first add the Webhook trigger to a workflow, you will see the following message in the properties pane:

The randomized webhook URL is not generated until the workflow definition is saved. Once saved, if you open the properties pane again, you will see your webhook URL:

Technical Details

The webhook currently supports the following HTTP configuration:

Protocols	HTTPS (TLS 1.2+)
Methods	POST
URLs	Automatically generated, can be partially regenerated
Content Types	`application/json`, `text/json`
Body	Optional - JSON Object
Response	`200 OK` (or, `202 Accepted`, if configured - see below)

Response Body

If the workflow was queued successfully:

JSON

{
	"error": false,
	"id": "0WXB15..................YY5",
	"queueTime": "2024-06-19T20:19:44"
}

If there was an error queueing the workflow:

JSON

{
	"error": true,
	"message": "Invalid JSON body: After parsing a value an unexpected character was encountered: \". Path 'sample', line 5, position 1."
}

You may suppress this response body by enabling the Omit Response Body setting (see below).

Authentication and Security

Your webhook URL does not require any authentication, API key, or custom HTTP headers to work. The URL is randomized and virtually impossible to guess. Still, it is important to keep your URL safe and only use it or share it with third parties that you trust.

Just how secure is it, really?

The URL has (roughly) 2.9 × 10³⁷ possible combinations.

Currently (as of Q4 2023), the strongest supercomputer (about 1 exaFLOP) can run 3.15×10²⁵ operations per year.

That means it would take even the strongest supercomputer on the planet 9.2×10¹¹ years (about 920 billion years) to guess the URL.

Even if you somehow harnessed the entire compute power that humankind has available on the planet today (roughly 10²³ FLOPs), it would still take over 9 million years to guess your URL.

If you believe that your URL has been compromised, or you would otherwise like to regenerate your random webhook URL, you can press the [ Regenerate URL ] button in the properties pane of the webhook trigger.

Warning: Regenerating the URL and saving the workflow will immediately cause any integrations or vendors using the old URL to stop working. Those webhook requests using the old URL will receive an error response.

Limitations

It is not currently possible to have a webhook wait for the workflow to complete (either synchronously or asynchronously via polling) and return the data that was outputted from the workflow. (This functionality may be added in the future.)
The only supported HTTP verb is “POST”.
The only content type accepted is JSON (or no body).

Properties

Name	Type	Notes
🅾️ Metadata Output Property	Text	If specified, the metadata for the HTTP request from the webhook will be stored inside this property and made available in the workflow pipeline. This metadata includes the remote host information and the HTTP headers.
Return 202 Accepted	Checkbox	If checked, a successful HTTP request will be responded to with `HTTP 202 Accepted` instead of `HTTP 200 OK`. Note: Enabling this setting does not activate asynchronous polling on the workflow endpoint for the workflow status, it only changes the response code for compatibility reasons. Asynchronous status polling is not currently available for the webhook trigger, but may be added in a future release.
Omit Response Body	Checkbox	If checked, the default response body that is returned (see above) will be suppressed, and instead, no body will be returned.