Webhook

Runs the workflow when an HTTP POST request is received.

Optionally, a JSON body can be specified to pass data into the workflow’s first action.

Note: Fires: When an HTTP POST request is received and when the workflow is run manually.

Note: Output: HTTP JSON Body (JSON) and HTTP Metadata (object) (Optional)

Configuring the webhook

When you first add the Webhook trigger to a workflow, you will see the following message in the properties pane:

The randomized webhook URL is not generated until the workflow definition is saved. Once saved, if you open the properties pane again, you will see your webhook URL:

Technical details

The webhook currently supports the following HTTP configuration:

Protocols

HTTPS (TLS 1.2+)

Methods

POST

URLs

Automatically generated, can be partially regenerated

Content Types

application/json, text/json

Body

Optional - JSON Object

Response

200 OK (or, 202 Accepted, if configured - see below)

Response body

If the workflow was queued successfully:

Copy
{
    "error": false,
    "id": "0WXB15..................YY5",
    "queueTime": "2024-06-19T20:19:44"}

If there was an error queueing the workflow:

Copy
{
    "error": true,
    "message": "Invalid JSON body: After parsing a value an unexpected character was encountered: \". Path 'sample', line 5, position 1."}

You may suppress this response body by enabling the Omit Response Body setting.

Authentication and security

The webhook URL does not require any authentication, API key, or custom HTTP headers to work. The URL is randomized and virtually impossible to guess.

Important! Keep your URL safe and only use it or share it with third parties that you trust.

How secure is it?

  • The URL has (roughly) 2.9 × 1037 possible combinations.
  • Currently (as of Q4 2023), the strongest supercomputer (about 1 exaFLOP) can run 3.15×1025 operations per year.

That means it would take even the strongest supercomputer on the planet 9.2×1011 years (about 920 billion years) to guess the URL.

Even if you somehow harnessed the entire compute power that humankind has available on the planet today (roughly 1023 FLOPs), it would still take over 9 million years to guess your URL.

If you believe that your URL has been compromised, or you would otherwise like to regenerate your random webhook URL, you can click [ Regenerate URL ] in the properties pane of the webhook trigger.

Warning! Regenerating the URL and saving the workflow will immediately cause any integrations or vendors using the old URL to stop working. Those webhook requests using the old URL will receive an error response.

Limitations

The following limitations exist:

  • It is not currently possible to have a webhook wait for the workflow to complete (either synchronously or asynchronously via polling) and return the data that was outputted from the workflow. (This functionality may be added in the future.)

  • The only supported HTTP verb is “POST”.
  • The only content type accepted is JSON (or no body).

Properties

Name Type Templatable Notes

Metadata Output Property

Text

No

If specified, the metadata for the HTTP request from the webhook will be stored inside this property and made available in the workflow pipeline. This metadata includes the remote host information and the HTTP headers.

Return 202 Accepted

Checkbox

No

If checked, a successful HTTP request will be responded to with HTTP 202 Accepted instead of HTTP 200 OK.

Note: Enabling this setting does not activate asynchronous polling on the workflow endpoint for the workflow status, it only changes the response code for compatibility reasons. Asynchronous status polling is not currently available for the webhook trigger, but may be added in a future release.

Omit Response Body

Checkbox

No

If checked, the default response body that is returned (see above) will be suppressed, and instead, no body will be returned.