Receive data from any application in real time — contact form, payment, GitHub push. A webhook in n8n is the simplest way to integrate an external service with your automation. This guide covers webhook setup, the integration patterns UK businesses actually build, and the security measures that keep public endpoints safe.
What a webhook is and how it works • Setting up the Webhook node step by step • Common integration scenarios • Security — protecting your webhooks • Response modes — replying to the caller • Common webhook problems and fixes • FAQ
A webhook is a mechanism by which one application immediately notifies another that an event has occurred. It works like a reverse API: instead of regularly asking “is there anything new?”, the external application sends data to n8n at the moment the event happens. This notification arrives as an HTTP POST request to a unique URL generated by n8n.
In practice: a customer places an order in your shop, the shop sends a POST with the order data to the n8n webhook URL, and n8n immediately starts the workflow — with no delay. Compare that with polling, which would check for new orders every minute or so — with 100 orders a day the average delay would be 30 seconds and the shop’s API would receive 1,440 needless queries a day.
Tip: n8n on SmartXHosting UK runs in a pre-configured Docker container with TLS 1.3 SSL automatically. Webhooks are public HTTPS endpoints by default — no SSL setup work on your side.
n8n supports webhooks both as a trigger (a node that starts the workflow when a request arrives) and as a response point (you can return data back to the application that sent the webhook). Each webhook in n8n has two URLs: a Test URL (active only while the workflow is open in the editor) and a Production URL (active when the workflow is active). Both are publicly available under your n8n instance domain.
/orders.curl -X POST "YOUR-TEST-URL" -H "Content-Type: application/json" -d '{"name":"Jane","email":"[email protected]","product":"n8n Hosting"}'. Or use Postman.The external application should use the production URL, not the test URL. Test URL is for development only.
Three concrete scenarios UK businesses commonly implement:
You have a contact form on your UK website built in Gravity Forms, Contact Form 7 or a custom solution. Configure it to send the data (name, email, message) to an n8n webhook.
In the workflow:
The whole process takes n8n a fraction of a second. Sales sees the lead instantly.
Stripe supports webhooks natively. In the Stripe dashboard, add a new webhook with the payment_intent.succeeded event type and the n8n URL. When a customer pays:
All automatic — no manual reconciliation between Stripe and your accounting system.
In a GitHub repository, go to Settings › Webhooks and add a webhook with the push event and the n8n URL. Every push to the repository triggers a workflow that extracts commit data (author, branch, commit message, list of changed files) and sends a formatted message to the #dev channel on Slack. Add an IF filter so notifications only concern the main/master branch.
A public webhook URL means anyone who knows the URL can send requests. n8n offers several methods to protect webhooks from unauthorised access.
The simplest method: enable it in the Webhook node settings, set a username and password. The external application must pass these in the Authorization header. Works for simple internal integrations.
More secure for integrations with external services. Set a header name (e.g. X-Webhook-Secret) and a token value. The external application must include this header on every request. Without the correct token, n8n rejects the request with HTTP 401.
The strongest method, used by Stripe, GitHub and other professional platforms. The platform signs the payload cryptographically (HMAC-SHA256) using a shared secret. In n8n, use a Code node to verify the signature before processing:
const crypto = require('crypto');
const secret = $vars.STRIPE_WEBHOOK_SECRET;
const payload = JSON.stringify($input.first().json);
const signature = $input.first().headers['stripe-signature'];
const expected = crypto.createHmac('sha256', secret)
.update(payload)
.digest('hex');
if (signature !== expected) {
throw new Error('Invalid signature');
}
return $input.all();On SmartXHosting, all n8n webhooks run over HTTPS with a valid Let’s Encrypt SSL certificate, which eliminates the risk of data being intercepted in transit. HTTPS is a basic requirement on many professional platforms — Stripe, for example, rejects webhook endpoints without SSL.
Three Response Mode options on the Webhook node:
Content-Type: application/json. Check the sender config.n8n webhooks with UK-hosted SSL
SmartXHosting n8n ships with TLS 1.3 SSL, UK data centre and 24/7 uptime monitoring — the stable foundation any webhook integration needs.
See n8n hosting plansQ: What’s the difference between Webhook and HTTP Request nodes?
A: Webhook receives an incoming request that triggers your workflow. HTTP Request makes outgoing calls to other APIs from within a workflow. They’re opposites.
Q: Can a webhook receive file uploads?
A: Yes. Enable Binary Property in the Webhook settings. Uploaded files appear as binary data that downstream nodes can process or save.
Q: How do I handle webhook bursts (many events at once)?
A: n8n queues incoming webhook requests. For very high throughput, run multiple n8n worker processes on SmartXHosting (contact support for scaled deployment options).
Q: Does my webhook URL change if I upgrade my hosting plan?
A: No — the URL is tied to your instance domain, not the underlying resources. Plan upgrades don’t break existing webhook integrations.
Q: Can I test webhooks locally before deploying?
A: SmartXHosting provides staging environments on request. Alternatively, use n8n’s Test URL during development; it only listens while the editor is open.
Q: What about rate limiting?
A: n8n itself doesn’t rate-limit webhooks, but the SmartXHosting WAF (Imunify360) may throttle obvious abuse patterns. For legitimate high-volume traffic, contact support to whitelist sources.
Q: How do I debug a webhook that isn’t firing?
A: Use curl to manually POST to the webhook URL and check if n8n’s Executions page shows the call. If curl works but the real sender doesn’t, the issue is on the sender side — check its delivery logs.
Q: Can the same webhook trigger multiple workflows?
A: No, one URL belongs to one webhook node in one workflow. But a workflow can call other workflows via the Execute Workflow node, so you can fan out to multiple downstream automations.