6.2 — Webhook Workflows — Real-Time Triggers & Responses
Webhook Workflows — Real-Time Triggers & Responses
APIs let you pull data on a schedule. Webhooks let data push itself to you the moment something happens. A new Shopify order, a Stripe payment, a form submission, a GitHub commit — webhooks trigger your n8n workflow instantly. This lesson teaches you to build webhook-powered workflows that respond to events in real time.
Webhooks vs. Polling — Why Webhooks Win
POLLING (Schedule Trigger):
Your workflow → "Any new orders?" → Shopify → "No"
[5 min later]
Your workflow → "Any new orders?" → Shopify → "No"
[5 min later]
Your workflow → "Any new orders?" → Shopify → "Yes, 1 order!"
→ 10 minutes wasted checking, potential delay of up to 5 min
WEBHOOK (Instant):
Shopify → "New order!" → Your workflow (instantly)
→ 0 delay, 0 wasted checks
| Aspect | Polling | Webhook |
|---|---|---|
| Speed | Delayed (up to interval time) | Instant |
| Resource usage | High (constant checking) | Low (only fires on event) |
| Execution count | Many empty runs | Only runs when needed |
| Complexity | Simple to set up | Requires URL configuration |
| Best for | APIs without webhooks | Any service that supports webhooks |
The n8n Webhook Node
Setting Up a Basic Webhook
n8n Workflow Setup:
1. Add node: "Webhook" (under Triggers)
2. HTTP Method: POST (most common)
3. Path: /my-webhook-path (becomes part of the URL)
4. Authentication: None (for testing) / Header Auth (for production)
5. Response Mode: "When Last Node Finishes" (send response after processing)
Your webhook URL will be:
TEST: https://your-n8n.domain/webhook-test/my-webhook-path
PROD: https://your-n8n.domain/webhook/my-webhook-path
Webhook Configuration Options
| Setting | Options | When to Use |
|---|---|---|
| HTTP Method | GET, POST, PUT, DELETE | POST for data receipt, GET for simple triggers |
| Path | Custom string | Name it descriptively: /shopify-orders, /form-submit |
| Authentication | None, Basic Auth, Header Auth | Always use Header Auth in production |
| Response Mode | Immediately, When Last Node Finishes | Immediately for speed, Last Node for confirmation |
| Response Code | 200, 201, etc. | 200 for success, use conditionals for error codes |
| Response Data | First Entry, Last Entry, All Entries | Depends on what the sender expects |
Practical Webhook Workflows
Workflow 1: Shopify Order → WhatsApp Confirmation
[Webhook: /shopify-order]
│
▼
[Set Node: Extract order data]
│ customer_name = {{$json.customer.first_name}}
│ phone = {{$json.customer.phone}}
│ total = {{$json.total_price}}
│ items = {{$json.line_items.map(i => i.title).join(', ')}}
│
▼
[IF Node: Has phone number?]
│
├── YES ──▶ [HTTP Request: WATI API]
│ POST https://live-server.wati.io/api/v1/sendTemplateMessage
│ Body: { phone: "+92...", template: "order_confirm",
│ parameters: [name, total, items] }
│
└── NO ───▶ [Gmail: Send email confirmation instead]
Workflow 2: Typeform Submission → Google Sheets + Email
[Webhook: /typeform-response]
│
▼
[Set Node: Parse Typeform payload]
│ name = {{$json.form_response.answers[0].text}}
│ email = {{$json.form_response.answers[1].email}}
│ interest = {{$json.form_response.answers[2].choice.label}}
│
▼
[Google Sheets: Append Row]
│ Sheet: "Leads"
│ Values: [name, email, interest, timestamp]
│
▼
[Gmail: Send welcome email]
│ To: {{$json.email}}
│ Subject: "Thanks for signing up, {{$json.name}}!"
│ Body: [template with interest-specific content]
│
▼
[Respond to Webhook: 200 OK]
Workflow 3: Stripe Payment → Fulfillment Pipeline
[Webhook: /stripe-payment]
│
▼
[IF Node: event.type === "payment_intent.succeeded"]
│
├── YES ──▶ [Set: Extract payment data]
│ │ amount = {{$json.data.object.amount / 100}}
│ │ email = {{$json.data.object.receipt_email}}
│ │ product = {{$json.data.object.metadata.product_id}}
│ │
│ ▼
│ [Switch: Product type]
│ ├── "course" → [HTTP: Grant course access]
│ ├── "ebook" → [Gmail: Send download link]
│ └── "service" → [Slack: Notify team]
│
└── NO ───▶ [Stop and Respond: 200 OK (acknowledge but ignore)]
Webhook Security
Authentication Methods
Method 1: Header Auth (Recommended)
Webhook Node Settings:
- Authentication: Header Auth
- Header Name: X-Webhook-Secret
- Header Value: your-secret-key-here-abc123
The sending service must include this header:
X-Webhook-Secret: your-secret-key-here-abc123
Without it → n8n returns 401 Unauthorized
Method 2: Signature Verification (Advanced)
Many services sign their webhook payload. Verify it with a Function node:
// Function Node: Verify Shopify HMAC Signature
const crypto = require('crypto');
const secret = 'your-shopify-webhook-secret';
const hmac = crypto.createHmac('sha256', secret);
const body = JSON.stringify($input.first().json);
hmac.update(body, 'utf8');
const calculated = hmac.digest('base64');
const received = $input.first().headers['x-shopify-hmac-sha256'];
if (calculated !== received) {
throw new Error('Invalid webhook signature — request rejected');
}
return $input.all();
Method 3: IP Whitelisting
IF Node: Check source IP
Condition: {{$json.headers['x-forwarded-for']}} is in allowed list
Allowed IPs for common services:
- Stripe: 54.187.174.169, 54.187.205.235, ...
- Shopify: Published in their docs
- GitHub: 140.82.112.0/20
Security Checklist
□ Use Header Auth or signature verification (NEVER leave unprotected)
□ Validate the payload structure before processing
□ Use HTTPS only (n8n cloud does this automatically)
□ Log all webhook calls for audit trail
□ Set up rate limiting (IF node: reject if >100 calls/minute)
□ Validate required fields exist before processing
Webhook Response Patterns
Pattern 1: Synchronous (Wait for Processing)
Webhook → Process → Respond with result
Use when: The sender needs to know the result
Example: Form submission → validate → return success/error message
Setting: Response Mode = "When Last Node Finishes"
Pattern 2: Asynchronous (Acknowledge Immediately)
Webhook → Respond 200 OK immediately → Process in background
Use when: Processing takes time and sender just needs acknowledgment
Example: Shopify order → send 200 OK → process order in background
Setting: Response Mode = "Immediately"
Pattern 3: Conditional Response
Webhook → Validate → IF valid → Process → 200 OK
→ IF invalid → 400 Bad Request
Use when: You need to reject bad payloads
Implementation: Use "Respond to Webhook" node in both branches
Common Webhook Sources for Pakistani Businesses
| Service | Webhook Events | Use Case |
|---|---|---|
| Shopify | Order created, payment received, fulfillment | E-commerce automation |
| WooCommerce | New order, status change, new customer | WordPress stores |
| Stripe | Payment succeeded, subscription created/canceled | Payment processing |
| Daraz Seller Center | New order (via API polling — no native webhook) | Pakistani marketplace |
| JazzCash | Payment notification (callback URL) | Local payments |
| WATI | Message received, template status | WhatsApp automation |
| Typeform/Google Forms | Form submission | Lead capture |
| GitHub | Push, PR, issue created | Developer workflows |
| Calendly | Meeting booked, canceled | Scheduling |
Practice Lab
Task 1: Build a Form-to-Sheet Webhook Create a webhook workflow that receives a JSON payload (name, email, message), appends it to a Google Sheet, and sends a confirmation email. Test it using n8n's built-in test webhook.
Task 2: Payment Notification Workflow Build a webhook that simulates a payment notification: receives payment data, checks if the amount is above PKR 5,000, and sends a Slack/email alert for high-value payments. Low-value payments get logged silently.
Task 3: Secure Your Webhook Take the workflow from Task 1 and add Header Auth. Test that requests without the secret header are rejected (401). Test that requests with the correct header are processed.
Pakistan Case Study
Meet Hamza — runs a Shopify store selling custom phone cases from Lahore.
His problem: Manually checking Shopify for new orders every hour. Copying customer details to a Google Sheet. Sending WhatsApp confirmations by hand. Missing orders during prayer times and late at night. Average response time to customers: 2-4 hours.
His webhook solution:
Workflow 1: Shopify order webhook → Google Sheets (order log) + WATI WhatsApp confirmation (instant) + Slack notification to his team
Workflow 2: Stripe payment webhook → IF payment > PKR 10,000 → personal WhatsApp alert (high-value order) + priority flag in sheet
Workflow 3: Typeform feedback webhook → Google Sheets + IF rating < 3 → immediate email alert to Hamza for damage control
Results:
- Customer response time: 2-4 hours → instant (automated)
- Orders missed during off-hours: 3-5/week → 0
- Manual data entry: 45 minutes/day → 0 minutes
- Customer satisfaction (repeat orders): 15% → 34%
- Monthly revenue increase: PKR 80,000 (attributed to faster response + fewer missed orders)
His setup cost: PKR 0 (n8n self-hosted on a PKR 2,500/month VPS, Shopify webhook is free, WATI API included in his existing plan)
Key Takeaways
- Webhooks are instant event triggers — no polling delay, no wasted checks
- n8n's Webhook node gives you a URL that external services POST data to
- Always secure webhooks with Header Auth or signature verification in production
- Choose response mode carefully: immediate (fast) vs. after processing (reliable)
- Shopify, Stripe, WooCommerce, and most SaaS tools support webhooks natively
- For services without webhooks (Daraz), use Schedule Trigger as a polling fallback
- Webhook workflows are the backbone of real-time automation for e-commerce
- Security is not optional — unprotected webhooks are an open door to your systems
Next lesson: Building custom API connectors in n8n for services that don't have built-in nodes.
Lesson Summary
Quiz: Webhook Workflows — Real-Time Triggers & Responses
4 questions to test your understanding. Score 60% or higher to pass.