Webhook
Runs the workflow when an HTTP POST request is received.
Optionally, a JSON body can be specified to pass data into the workflow’s first action.
Note: Fires: When an HTTP POST request is received and when the workflow is run manually.
Note: Output: HTTP JSON Body (JSON) and HTTP Metadata (object) (Optional)
Configuring the webhook
When you first add the Webhook trigger to a workflow, you will see the following message in the properties pane:
The randomized webhook URL is not generated until the workflow definition is saved. Once saved, if you open the properties pane again, you will see your webhook URL:
Technical details
The webhook currently supports the following HTTP configuration:
|
Protocols |
HTTPS (TLS 1.2+) |
|---|---|
|
Methods |
POST |
|
URLs |
Automatically generated, can be partially regenerated |
|
Content Types |
|
|
Body |
Optional - JSON Object |
|
Response |
|
Response body
If the workflow was queued successfully:
{
"error": false,
"id": "0WXB15..................YY5",
"queueTime": "2024-06-19T20:19:44"}If there was an error queueing the workflow:
{
"error": true,
"message": "Invalid JSON body: After parsing a value an unexpected character was encountered: \". Path 'sample', line 5, position 1."}You may suppress this response body by enabling the Omit Response Body setting.
Authentication and security
The webhook URL does not require any authentication, API key, or custom HTTP headers to work. The URL is randomized and virtually impossible to guess.
Important! Keep your URL safe and only use it or share it with third parties that you trust.
How secure is it?
- The URL has (roughly) 2.9 × 1037 possible combinations.
- Currently (as of Q4 2023), the strongest supercomputer (about 1 exaFLOP) can run 3.15×1025 operations per year.
That means it would take even the strongest supercomputer on the planet 9.2×1011 years (about 920 billion years) to guess the URL.
Even if you somehow harnessed the entire compute power that humankind has available on the planet today (roughly 1023 FLOPs), it would still take over 9 million years to guess your URL.
If you believe that your URL has been compromised, or you would otherwise like to regenerate your random webhook URL, you can click [ Regenerate URL ] in the properties pane of the webhook trigger.
Warning! Regenerating the URL and saving the workflow will immediately cause any integrations or vendors using the old URL to stop working. Those webhook requests using the old URL will receive an error response.
Limitations
The following limitations exist:
-
It is not currently possible to have a webhook wait for the workflow to complete (either synchronously or asynchronously via polling) and return the data that was outputted from the workflow. (This functionality may be added in the future.)
- The only supported HTTP verb is “POST”.
-
The only content type accepted is JSON (or no body).
Properties
| Name | Type | Templatable | Notes |
|---|---|---|---|
|
Metadata Output Property |
Text |
No |
If specified, the metadata for the HTTP request from the webhook will be stored inside this property and made available in the workflow pipeline. This metadata includes the remote host information and the HTTP headers. |
|
Return 202 Accepted |
Checkbox |
No |
If checked, a successful HTTP request will be responded to with Note: Enabling this setting does not activate asynchronous polling on the workflow endpoint for the workflow status, it only changes the response code for compatibility reasons. Asynchronous status polling is not currently available for the webhook trigger, but may be added in a future release. |
|
Omit Response Body |
Checkbox |
No |
If checked, the default response body that is returned (see above) will be suppressed, and instead, no body will be returned. |