Webhook Triggers
Trigger workflows from external webhook events
Webhook Triggers
Webhook triggers start workflows when external systems send events to your webhook endpoints. The Workflows API supports webhooks from multiple providers with automatic signature verification.
Configuration
| Field | Type | Required | Description |
|---|---|---|---|
type | string | Yes | Must be "webhook" |
provider | string | No | Provider name for signature verification |
events | string[] | No | Filter to specific event types |
path | string | No | Custom path for the webhook URL |
verifySignature | boolean | No | Enable/disable signature verification |
Supported Providers
| Provider | Webhook URL | Signature Header |
|---|---|---|
| Stripe | /webhooks/stripe/{companyId} | stripe-signature |
| Salesforce | /webhooks/salesforce/{companyId} | N/A (SOAP XML) |
| HubSpot | /webhooks/hubspot/{companyId} | x-hubspot-signature-v3 |
| QuickBooks | /webhooks/quickbooks/{companyId} | intuit-signature |
| PandaDoc | /webhooks/pandadoc/{companyId} | x-pandadoc-signature |
| NetSuite | /webhooks/netsuite/{companyId} | x-netsuite-signature |
| Gmail | /webhooks/gmail/{companyId} | N/A (Pub/Sub) |
| Custom | /webhooks/custom/{companyId}/{path} | N/A |
Provider Examples
Stripe
Stripe Webhook URL:
Configure in Stripe Dashboard:
- Go to Developers → Webhooks
- Add endpoint with your webhook URL
- Select events:
invoice.paid,payment_intent.succeeded - Copy the signing secret to your environment
Common Stripe Events:
invoice.paid- Invoice was paidinvoice.payment_failed- Payment attempt failedpayment_intent.succeeded- Payment completedcustomer.created- New customer createdsubscription.created- New subscription startedsubscription.canceled- Subscription was canceled
Salesforce
Salesforce supports three webhook types:
Salesforce CDC Change Types:
create- Record createdupdate- Record updateddelete- Record deletedundelete- Record restored
HubSpot
HubSpot Event Kinds:
contact.propertyChange- Contact property changedcompany.propertyChange- Company property changeddeal.propertyChange- Deal property changeddeal.creation- Deal createddeal.deletion- Deal deleted*- Match all events
QuickBooks
QuickBooks Event Types:
Invoice- Invoice eventsPayment- Payment eventsCustomer- Customer eventsEstimate- Estimate eventsBill- Bill events
PandaDoc
PandaDoc Events:
document_state_changed- Document status changedrecipient_completed- Recipient signeddocument_completed- All signatures collecteddocument_paid- Payment received
NetSuite
NetSuite Events:
record.create- Record createdrecord.update- Record updatedrecord.delete- Record deletedscheduled.script- Scheduled script execution
Custom Webhooks
For providers not listed above, use custom webhooks:
Custom Webhook URL:
Event Filtering
Only trigger on specific events by listing them in the events array:
Without events, the workflow triggers on all events from that provider.
Signature Verification
Webhooks are verified using provider-specific signatures to ensure authenticity.
| Provider | Header | Algorithm |
|---|---|---|
| Stripe | stripe-signature | HMAC-SHA256 with timestamp |
| HubSpot | x-hubspot-signature-v3 | HMAC-SHA256 |
| QuickBooks | intuit-signature | HMAC-SHA256 |
| PandaDoc | x-pandadoc-signature | HMAC-SHA256 |
| NetSuite | x-netsuite-signature | HMAC-SHA256 |
Store webhook signing secrets securely in environment variables. Never commit them to version control.
Handling Verification Failures
When signature verification fails, the webhook returns 401 Unauthorized:
Check that:
- Your signing secret matches the provider's configuration
- The request hasn't been tampered with
- The timestamp is within acceptable bounds (for Stripe)
Webhook Response
All webhooks return a consistent response format:
| Field | Description |
|---|---|
received | Always true for successful receipt |
eventId | Unique identifier for this webhook event |
workflowsTriggered | Number of workflows triggered by this event |
Input Data
The full webhook payload is available in your workflow as {{input}}:
Stripe Example
Access nested data in your steps:
Salesforce CDC Example
Webhook Events Table
All incoming webhooks are stored in the webhook_events table for audit and replay:
| Field | Description |
|---|---|
id | Unique event ID |
company_id | Company that received this event |
provider | Provider name (stripe, salesforce, etc.) |
event_type | Event type (invoice.paid, etc.) |
event_id | Provider's event ID |
payload | Full event payload (JSON) |
signature_verified | Verification status |
status | Processing status |
workflows_triggered | Array of triggered workflow runs |
Testing Webhooks
Using cURL
Using Stripe CLI
Using ngrok
Troubleshooting
Webhook Not Triggering Workflow
- Check workflow status - Must be
active - Verify event filter - Events must match workflow's
eventsarray - Check signature - Ensure signing secrets are configured
- Review webhook events - Check the
webhook_eventstable
Duplicate Events
Webhooks are deduplicated by eventId. If you receive duplicates:
- Ensure idempotent workflow design
- Check provider retry settings
- Verify webhook acknowledgement is reaching provider
Timeout Issues
Webhooks must respond within provider timeouts:
- Stripe: 30 seconds
- HubSpot: 5 seconds
- QuickBooks: 30 seconds
The API acknowledges webhooks immediately and processes asynchronously.