Webhook Node (Trigger)

Trigger your workflow via HTTP. 1 webhook per workflow, Basic/Header auth only — key constraints explained.

Written By pvdyck

Last updated 22 minutes ago

Webhook Node (Trigger)

The Webhook trigger node starts your workflow when an external service sends an HTTP request to a unique URL.

What It Does

Provides a unique HTTPS URL that triggers your workflow when called. The webhook payload becomes the first item in your workflow.

HTTP Methods

The Webhook node supports the following HTTP methods:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
  • HEAD

Authentication Options

Configure authentication to restrict who can trigger your webhook:

  • None — Any caller with the URL can trigger the workflow (default).
  • Basic Auth — Requires a username and password sent via the Authorization header.
  • Header Auth — Requires a specific header name/value pair.
  • JWT Auth — Validates a JSON Web Token in the request.

Response Modes

Control how the webhook responds to the caller:

  • Immediately — Returns a "Workflow got started" response right away.
  • When Last Node Finishes — Waits for the entire workflow to complete, then returns the final output.
  • Using Respond to Webhook Node — Use the Respond to Webhook node anywhere in your workflow to send a custom response.

Parameters

ParameterDescription
HTTP MethodWhich HTTP method to accept (GET, POST, etc.)
PathCustom URL path segment. Supports route parameters like /:variable
Response CodeHTTP status code to return (default: 200)
Response DataWhat data to include in the response body

Additional Options

  • Allowed Origins (CORS) — Restrict which origins can call the webhook.
  • Binary Property — Name of the binary property for file uploads.
  • Ignore Bots — Filter out requests from known bots.
  • IP Whitelist — Restrict access to specific IP addresses.
  • Raw Body — Access the unparsed request body.
  • Response Content-Type — Set the response content type header.
  • Response Headers — Add custom headers to the response.

Key Limitations on indie.money

  • 1 webhook per workflow — Each agent has exactly one webhook URL. You cannot have multiple webhook triggers in a single workflow.
  • No HMAC signature verification — Webhook requests are not validated with a secret/signature. Any caller with your URL can trigger the workflow.
  • No streaming responses — The webhook waits for the workflow to complete, then returns the full result.
  • Maximum payload size — 16 MB per request.

Security Consideration

Since there is no HMAC verification, protect your webhook URL like a secret. Do not share it publicly. If compromised, you can regenerate it from the Producer Dashboard.

Tips

  • Use Header Auth for service-to-service integrations where you control the caller.
  • Use the Respond to Webhook node for full control over response body, headers, and status code.
  • Route parameters (e.g., /users/:id) let you extract path segments as variables.
  • HTML responses are automatically sandboxed in iframes for security.

Difference: Webhook Trigger vs Producer Webhook Setup

The Webhook node (this article) is a node inside your n8n workflow design — it defines how your agent receives external calls.

The Producer Webhook Setup (in the Producer Dashboard) provides the URL a Producer uses to trigger a pre-purchased agent. These are related but distinct concepts.

Related