Webhook Triggers

Webhook triggers start workflows when external systems send events to your webhook endpoints. The Workflows API supports webhooks from multiple providers with automatic signature verification.

Configuration

{
  "trigger": {
    "type": "webhook",
    "provider": "stripe",
    "events": ["invoice.paid", "invoice.created"],
    "verifySignature": true
  }
}

Field	Type	Required	Description
`type`	string	Yes	Must be `"webhook"`
`provider`	string	No	Provider name for signature verification
`events`	string[]	No	Filter to specific event types
`path`	string	No	Custom path for the webhook URL
`verifySignature`	boolean	No	Enable/disable signature verification

Supported Providers

Provider	Webhook URL	Signature Header
Stripe	`/webhooks/stripe/{companyId}`	`stripe-signature`
Salesforce	`/webhooks/salesforce/{companyId}`	N/A (SOAP XML)
HubSpot	`/webhooks/hubspot/{companyId}`	`x-hubspot-signature-v3`
QuickBooks	`/webhooks/quickbooks/{companyId}`	`intuit-signature`
PandaDoc	`/webhooks/pandadoc/{companyId}`	`x-pandadoc-signature`
NetSuite	`/webhooks/netsuite/{companyId}`	`x-netsuite-signature`
Gmail	`/webhooks/gmail/{companyId}`	N/A (Pub/Sub)
Custom	`/webhooks/custom/{companyId}/{path}`	N/A

Provider Examples

Stripe

{
  "name": "Payment Received Notification",
  "trigger": {
    "type": "webhook",
    "provider": "stripe",
    "events": ["invoice.paid", "payment_intent.succeeded"]
  },
  "steps": [...]
}

Stripe Webhook URL:

https://your-domain.com/webhooks/stripe/{COMPANY_ID}

Configure in Stripe Dashboard:

Go to Developers → Webhooks
Add endpoint with your webhook URL
Select events: invoice.paid, payment_intent.succeeded
Copy the signing secret to your environment

Common Stripe Events:

invoice.paid - Invoice was paid
invoice.payment_failed - Payment attempt failed
payment_intent.succeeded - Payment completed
customer.created - New customer created
subscription.created - New subscription started
subscription.canceled - Subscription was canceled

Salesforce

Salesforce supports three webhook types:

{
  "trigger": {
    "type": "salesforce_event",
    "eventKind": "platform_event",
    "platformEventName": "Invoice_Created__e"
  }
}

Salesforce CDC Change Types:

create - Record created
update - Record updated
delete - Record deleted
undelete - Record restored

HubSpot

{
  "trigger": {
    "type": "hubspot_event",
    "eventKind": "deal.propertyChange",
    "propertyName": "dealstage"
  }
}

HubSpot Event Kinds:

contact.propertyChange - Contact property changed
company.propertyChange - Company property changed
deal.propertyChange - Deal property changed
deal.creation - Deal created
deal.deletion - Deal deleted
* - Match all events

QuickBooks

{
  "trigger": {
    "type": "webhook",
    "provider": "quickbooks",
    "events": ["Invoice", "Payment"]
  }
}

QuickBooks Event Types:

Invoice - Invoice events
Payment - Payment events
Customer - Customer events
Estimate - Estimate events
Bill - Bill events

PandaDoc

{
  "trigger": {
    "type": "webhook",
    "provider": "pandadoc",
    "events": ["document_state_changed", "document_completed"]
  }
}

PandaDoc Events:

document_state_changed - Document status changed
recipient_completed - Recipient signed
document_completed - All signatures collected
document_paid - Payment received

NetSuite

{
  "trigger": {
    "type": "webhook",
    "provider": "netsuite",
    "events": ["record.create", "record.update"]
  }
}

NetSuite Events:

record.create - Record created
record.update - Record updated
record.delete - Record deleted
scheduled.script - Scheduled script execution

Custom Webhooks

For providers not listed above, use custom webhooks:

{
  "trigger": {
    "type": "webhook",
    "path": "my-integration"
  }
}

Custom Webhook URL:

https://your-domain.com/webhooks/custom/{COMPANY_ID}/my-integration

Event Filtering

Only trigger on specific events by listing them in the events array:

{
  "trigger": {
    "type": "webhook",
    "provider": "stripe",
    "events": ["invoice.paid"]
  }
}

Without events, the workflow triggers on all events from that provider.

Signature Verification

Webhooks are verified using provider-specific signatures to ensure authenticity.

Provider	Header	Algorithm
Stripe	`stripe-signature`	HMAC-SHA256 with timestamp
HubSpot	`x-hubspot-signature-v3`	HMAC-SHA256
QuickBooks	`intuit-signature`	HMAC-SHA256
PandaDoc	`x-pandadoc-signature`	HMAC-SHA256
NetSuite	`x-netsuite-signature`	HMAC-SHA256

Store webhook signing secrets securely in environment variables. Never commit them to version control.

Handling Verification Failures

When signature verification fails, the webhook returns 401 Unauthorized:

{
  "error": "Invalid signature"
}

Check that:

Your signing secret matches the provider's configuration
The request hasn't been tampered with
The timestamp is within acceptable bounds (for Stripe)

Webhook Response

All webhooks return a consistent response format:

{
  "received": true,
  "eventId": "evt_xxx",
  "workflowsTriggered": 2
}

Field	Description
`received`	Always `true` for successful receipt
`eventId`	Unique identifier for this webhook event
`workflowsTriggered`	Number of workflows triggered by this event

Input Data

The full webhook payload is available in your workflow as {{input}}:

Stripe Example

{
  "input": {
    "id": "evt_1234",
    "type": "invoice.paid",
    "data": {
      "object": {
        "id": "in_xxx",
        "amount_paid": 9900,
        "customer": "cus_xxx",
        "customer_email": "customer@example.com"
      }
    }
  }
}

Access nested data in your steps:

{
  "config": {
    "to": "{{input.data.object.customer_email}}",
    "amount": "{{input.data.object.amount_paid / 100}}"
  }
}

Salesforce CDC Example

{
  "input": {
    "ChangeEventHeader": {
      "entityName": "Opportunity",
      "changeType": "UPDATE",
      "changedFields": ["Amount", "StageName"]
    },
    "Id": "006xxx",
    "Name": "Big Deal",
    "Amount": 50000,
    "StageName": "Closed Won"
  }
}

Webhook Events Table

All incoming webhooks are stored in the webhook_events table for audit and replay:

Field	Description
`id`	Unique event ID
`company_id`	Company that received this event
`provider`	Provider name (stripe, salesforce, etc.)
`event_type`	Event type (invoice.paid, etc.)
`event_id`	Provider's event ID
`payload`	Full event payload (JSON)
`signature_verified`	Verification status
`status`	Processing status
`workflows_triggered`	Array of triggered workflow runs

Testing Webhooks

Using cURL

# Test Stripe webhook
curl -X POST http://localhost:3000/webhooks/stripe/{COMPANY_ID} \
  -H "Content-Type: application/json" \
  -H "stripe-signature: test" \
  -d '{
    "type": "invoice.paid",
    "data": {
      "object": {
        "id": "in_test",
        "amount_paid": 9900,
        "customer_email": "test@example.com"
      }
    }
  }'

Using Stripe CLI

# Forward Stripe webhooks to localhost
stripe listen --forward-to localhost:3000/webhooks/stripe/{COMPANY_ID}

Using ngrok

# Expose local server
ngrok http 3000
 
# Use the ngrok URL in provider webhook settings
# https://abc123.ngrok.io/webhooks/stripe/{COMPANY_ID}

Troubleshooting

Webhook Not Triggering Workflow

Check workflow status - Must be active
Verify event filter - Events must match workflow's events array
Check signature - Ensure signing secrets are configured
Review webhook events - Check the webhook_events table

Duplicate Events

Webhooks are deduplicated by eventId. If you receive duplicates:

Ensure idempotent workflow design
Check provider retry settings
Verify webhook acknowledgement is reaching provider

Timeout Issues

Webhooks must respond within provider timeouts:

Stripe: 30 seconds
HubSpot: 5 seconds
QuickBooks: 30 seconds

The API acknowledges webhooks immediately and processes asynchronously.

Next Steps

Schedule Triggers

Run workflows on a time-based schedule

API Triggers

Trigger workflows programmatically

Slack Triggers

Trigger from Slack events and commands

Webhook Triggers

Schedule Triggers

API Triggers

Slack Triggers

On this page