Webhook Triggers and Event-Driven Workflows

What Is a Webhook?

A webhook is an HTTP endpoint that receives data when something happens elsewhere. Instead of polling an API every 5 minutes ("did anything change?"), webhooks push data to you instantly when events occur.

They're the foundation of real-time automation.

The Webhook Pattern

Event occurs (payment processed, form submitted, code pushed)
     ↓
Source system POSTs JSON to your webhook URL
     ↓
Your workflow receives the data
     ↓
Actions execute (send notification, update database, trigger AI)

Setting Up a Webhook in n8n

1. Create a new workflow
2. Add a Webhook trigger node
3. Copy the generated URL (unique per workflow)
4. In the source system (Stripe, GitHub, etc.), configure the webhook URL
5. Select which events to receive
6. Add your processing nodes
7. Activate the workflow

Webhook Security

Never expose an unauthenticated webhook to the internet. Validate:

Signature verification — most webhook providers include a signature header (HMAC-SHA256 of the body). Verify it to confirm the request is legitimate.

IP allowlisting — some providers have fixed IP ranges. Allowlist them.

Secret tokens — pass a secret in the URL or header and verify it on receipt.

Idempotency

Webhooks can be delivered more than once (network retries, provider bugs). Design your handlers to be idempotent: processing the same event twice should produce the same result as processing it once.

Use the event's unique ID as an idempotency key and check for duplicates before processing.