Webhook Triggers and Event-Driven Workflows
Build real-time workflows triggered by external events using webhooks.
What Is a Webhook?
A webhook is an HTTP endpoint that receives data when something happens elsewhere. Instead of polling an API every 5 minutes ("did anything change?"), webhooks push data to you instantly when events occur.
They're the foundation of real-time automation.
The Webhook Pattern
Event occurs (payment processed, form submitted, code pushed)
↓
Source system POSTs JSON to your webhook URL
↓
Your workflow receives the data
↓
Actions execute (send notification, update database, trigger AI)
Setting Up a Webhook in n8n
- Create a new workflow
- Add a Webhook trigger node
- Copy the generated URL (unique per workflow)
- In the source system (Stripe, GitHub, etc.), configure the webhook URL
- Select which events to receive
- Add your processing nodes
- Activate the workflow
Webhook Security
Never expose an unauthenticated webhook to the internet. Validate:
Signature verification — most webhook providers include a signature header (HMAC-SHA256 of the body). Verify it to confirm the request is legitimate.
IP allowlisting — some providers have fixed IP ranges. Allowlist them.
Secret tokens — pass a secret in the URL or header and verify it on receipt.
Idempotency
Webhooks can be delivered more than once (network retries, provider bugs). Design your handlers to be idempotent: processing the same event twice should produce the same result as processing it once.
Use the event's unique ID as an idempotency key and check for duplicates before processing.