Webhooks are the nervous system of any serious automation stack. They allow external systems — Shopify stores, Typeform submissions, custom Python scripts, payment gateways, or a client's legacy CRM — to trigger a workflow in n8n the instant an event occurs. No polling. No delays. No manual checking. In Pakistan's growing e-commerce and freelance economy, mastering webhooks is the single skill that separates automation hobbyists from automation professionals who bill PKR 50,000+ per workflow. This lesson teaches you to architect high-fidelity webhook receivers that handle real-world data.

Section 1: The Webhook Lifecycle

Every webhook interaction follows the same pattern regardless of the source system. Understanding this lifecycle lets you debug problems instantly.

WEBHOOK LIFECYCLE — FROM EVENT TO ACTION

External System                     n8n Instance
(Shopify / Typeform / Custom)       (automate.yourdomain.com)
        │                                   │
        │  1. EVENT OCCURS                  │
        │  (new order, form submit,         │
        │   payment received, etc.)         │
        │                                   │
        │  2. POST REQUEST FIRES            │
        │─────────────────────────────────>│
        │  Content-Type: application/json   │
        │  Body: { "event": "...", ... }    │
        │                                   │
        │                          3. WEBHOOK NODE
        │                             RECEIVES PAYLOAD
        │                             Parses JSON body
        │                             Extracts fields
        │                                   │
        │  4. HTTP 200 RESPONSE             │
        │<─────────────────────────────────│
        │  (sent immediately)               │
        │                                   │
        │                          5. WORKFLOW CONTINUES
        │                             (Scoring, CRM sync,
        │                              notifications...)
        │
IMPORTANT: n8n responds 200 immediately, then
processes asynchronously. The caller never waits.

Section 2: Test URL vs Production URL

This is the most common source of confusion for n8n beginners. There are two distinct webhook URLs for every Webhook node:

To switch from Test to Production: close the editor and click the "Activate" toggle in the top-right corner of the workflow. Only then will the production URL respond.

Section 3: Configuring the Webhook Node

Add a Webhook node to a new workflow. The key settings to configure:

Webhook Node Settings
├── HTTP Method: POST (for receiving data)
│   └── Also available: GET, PUT, PATCH, DELETE
├── Path: /restaurant-leads (custom, human-readable)
│   └── Default is a UUID — always replace with a meaningful path
├── Response Mode: On Received (returns 200 immediately)
│   └── Alternative: Last Node (returns final node output — use for sync APIs)
├── Response Code: 200
└── Authentication: None / Header Auth / Basic Auth
    └── For production: always add Header Auth with a secret token

Testing your webhook before connecting a real system. Use curl from your terminal or PowerShell:

curl -X POST https://automate.yourdomain.com/webhook-test/restaurant-leads \
     -H "Content-Type: application/json" \
     -d '{
       "name": "Ahmed Khan",
       "phone": "+923001234567",
       "party_size": 4,
       "restaurant": "Kolachi DHA",
       "source": "website"
     }'

Expected response: {"message":"Workflow was started"} or the output of your last node, depending on Response Mode.

Section 4: Securing Your Webhook with Header Authentication

A public webhook URL with no authentication is an open door for spam, abuse, and data injection. Always add a secret token:

In Webhook Node Settings:
├── Authentication: Header Auth
├── Header Name: X-Webhook-Secret
└── Header Value: your-secret-token-here-change-this

In your calling application (Shopify, Typeform, etc.):
Add header: X-Webhook-Secret: your-secret-token-here-change-this

In n8n Credentials panel:
Create a new "Header Auth" credential to store the secret safely
(never hardcode secrets in node settings directly)

Section 5: Parsing and Mapping Incoming JSON

When a webhook fires, the JSON body becomes available as $json in all subsequent nodes. Here are the expressions you will use constantly:

// Access top-level fields
{{ $json.name }}          // "Ahmed Khan"
{{ $json.phone }}         // "+923001234567"
{{ $json.party_size }}    // 4

// Access nested fields
{{ $json.address.city }}  // "Karachi"
{{ $json.items[0].name }} // First item in an array

// Conditional mapping
{{ $json.source === 'whatsapp' ? 'PK_Leads' : 'Web_Leads' }}

// Normalize Pakistani phone numbers from webhook input
{{ $json.phone.replace(/[\s\-\(\)]/g, '').replace(/^0/, '+92') }}

Section 6: Routing Multiple Sources Through One Webhook

A single webhook endpoint can handle traffic from multiple sources. Use an IF node (or Switch node for 3+ branches) to route based on the source field:

MULTI-SOURCE WEBHOOK ROUTING

[Webhook Node: POST /leads]
           │
           ↓
[Switch Node: $json.source]
    │
    ├── "linkedin"   → [Google Sheets: LinkedIn_Leads tab]
    │                         │
    │                         └── [Slack: #linkedin channel]
    │
    ├── "meta"       → [Google Sheets: Paid_Leads tab]
    │                         │
    │                         └── [Slack: #paid-ads channel]
    │
    ├── "website"    → [Google Sheets: Organic_Leads tab]
    │                         │
    │                         └── [Slack: #organic channel]
    │
    └── "whatsapp"   → [Google Sheets: PK_Leads tab]
                              │
                              └── [HTTP: WATI WhatsApp alert to owner]

The Switch node is more efficient than nested IF nodes for 3+ branches — it evaluates all conditions in one pass.

Task 1 — Basic Receiver: Create a new workflow. Add a Webhook node with method POST and path /test-leads. Click "Listen for Test Event." Open a new terminal and run the curl command from Section 3 (replace the URL with your Test URL). Confirm the data appears in the n8n editor output panel.

Task 2 — Google Sheets Integration: Add a Google Sheets node after the webhook. Connect it to a new sheet called "n8n Leads" with columns: Name, Phone, Source, Timestamp. Map $json.name, $json.phone, $json.source, and {{ new Date().toISOString() }} to the respective columns. Fire the webhook again and confirm the row appears in your sheet within 3 seconds.

Task 3 — Multi-Source Router: Add a Switch node after the webhook. Create 3 branches based on $json.source values: "linkedin", "website", "whatsapp". Connect each branch to a separate Google Sheets tab. Test all 3 branches by sending curl requests with different source values. Confirm each lead lands in the correct tab.

Pakistan Case Study

Character: Sana Mirza, 27, a digital marketing consultant from DHA Phase 4, Lahore. She manages lead generation for 3 restaurant clients across Lahore and Karachi — total monthly retainer PKR 90,000.

The Problem: Each restaurant had its own "contact us" form on their website, and Sana was manually checking 3 inboxes, copying leads into WhatsApp groups for the restaurant owners, and tracking conversions in a shared Google Sheet. She was spending 2 hours daily on pure data entry. At PKR 90,000/month, that is PKR 1,125/hour going toward copy-paste work.

The Solution: Sana built one n8n webhook endpoint per restaurant (3 total, each with a unique path and header auth secret). Each restaurant's website form now POSTs directly to n8n. The workflow: receives the lead, normalizes the phone number with {{ $json.phone.replace(/^0/, '+92') }}, appends to a shared Google Sheet with a "restaurant" column, and fires a WATI WhatsApp message to the restaurant owner within 4 seconds of the form submission.

The Numbers: Setup time: 6 hours across 3 weekends. Monthly time saved: 44 hours. At her PKR 1,125/hour rate that is PKR 49,500/month of reclaimed capacity. She used that capacity to onboard a 4th client. Sana's note to herself: "Webhook lagaya, zindagi aasaan ho gayi."

Key Takeaways

• Webhooks are event-driven — they fire instantly when something happens, with zero polling delay; this is fundamentally different from scheduled triggers
• Always distinguish between the Test URL (active only in editor) and the Production URL (requires workflow to be Activated); mixing these up is the most common beginner mistake
• The Response Mode: On Received setting is critical for integrations with Shopify, Typeform, and other platforms that expect a fast HTTP 200 response — slow responses cause those platforms to retry the webhook, sending duplicate data
• Always add Header Auth to production webhooks — an unprotected webhook is an open API that anyone can spam
• Use meaningful URL paths (e.g., /restaurant-leads) instead of UUIDs — when debugging at 11 PM, you want readable URLs in your logs
• The Switch node handles 3+ routing branches more cleanly than nested IF nodes — use IF for binary decisions, Switch for multi-source routing
• Pakistani lead sources skew heavily toward WhatsApp — always build a dedicated WhatsApp branch in your multi-source router and route those leads to a PK_Leads sheet with phone-number normalization
• Always log a timestamp ({{ new Date().toISOString() }}) in your Sheets append — without it, you cannot tell when a lead arrived or debug timing issues
• For Google Sheets integration, use "Append Row" (not "Update Row") for new leads — update only when you are deliberately changing existing records
• Store your webhook secret in n8n's Credentials panel, never as a hardcoded value in the node — credentials are encrypted at rest, node settings are not

Recommended Resources

• n8n Webhook node documentation: docs.n8n.io/integrations/builtin/trigger-nodes/n8n-nodes-trigger-http/
• n8n Switch node guide: docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base-switch/
• WATI WhatsApp API for Pakistan: wati.io/docs — search "send template message"
• Webhook.site: free tool to inspect incoming webhook payloads before connecting n8n