Version: Current

Webhook Trigger

Description

Use the Webhook Trigger activity to automatically start a workflow when an HTTP request is received on the configured webhook endpoint.

The Webhook Trigger exposes a unique endpoint URL that external systems, applications, or services can invoke to trigger workflow execution.

This activity is commonly used for:

API integrations
Event-driven automation
Third-party application callbacks
Real-time process execution
External system notifications
Custom integration scenarios

info

Webhook triggers are registered only when the workflow is published. Saving or updating a draft workflow does not create or modify the webhook endpoint configuration.

After publishing, the webhook can be managed from the Webhook Management Page.

Configuration

The Webhook Trigger configuration is organized into the following sections:

Inputs
Advanced
Outputs

Inputs

Endpoint URL

Represents the unique webhook endpoint URL generated for the activity.

The generated endpoint URL can be used by external systems to invoke the workflow.

Each webhook endpoint URL is unique and remains associated with the workflow trigger configuration.

The endpoint URL is generated automatically by the activity.

Authentication

Configure the authentication mechanism required to access the webhook endpoint.

Authentication settings are similar to the authentication options available in the When Chat Message Received trigger activity.

Authentication can be used to:

Restrict unauthorized access
Validate incoming requests
Secure webhook execution
Protect workflow endpoints from misuse

HTTP Method

Specify the HTTP method supported by the webhook endpoint.

The webhook trigger supports standard HTTP methods, including:

GET
POST
PUT
PATCH
DELETE
OPTIONS
HEAD

The selected method determines the type of incoming HTTP requests that can trigger the workflow.

Response Mode

Specify how responses are returned to the webhook caller.

Option	Description
Immediately	Returns the response immediately after the workflow execution is initiated.
When Process Execution Finishes	Returns the response only after the workflow execution completes.
Using 'Respond to Webhook' activity	Allows the workflow to explicitly control the webhook response using the Respond to Webhook activity. This is the default response mode.
Streaming	Sends the response progressively while the workflow generates output.

Advanced

IP(s) Whitelist

Use this section to restrict which IP addresses can invoke the webhook endpoint.

Supported address formats include:

IPv4 addresses
IPv6 addresses
CIDR notation ranges

note

Requests originating from IP addresses outside the configured whitelist are rejected with a 403 Forbidden response.
If no IP addresses are configured, the webhook endpoint can be accessed from any IP address.

Allowed Origins (CORS)

Specify the origins allowed to access the webhook endpoint from browser-based applications.

This setting controls cross-origin browser access to the webhook endpoint.

You can configure:

Individual origins
Multiple origins
Wildcard origin (*)

Max Payload Size

Specify the maximum allowed request payload size, in bytes, accepted by the webhook endpoint.

The default value is:

16777216

Requests exceeding the configured payload size are rejected.

Ignore Bots

Enable this option to detect and ignore requests originating from automated bots.

When enabled, known bot requests are restricted from triggering the workflow.

This option is disabled by default.

Outputs

The Webhook Trigger activity provides access to incoming HTTP request information through the following outputs.

Source URL

Represents the source URL from which the webhook request originated.

Headers

Represents the HTTP headers included in the incoming request.

Query Parameters

Represents the query string parameters associated with the request URL.

Method

Represents the HTTP method used for the incoming request.

Examples include:

GET
POST
PUT
DELETE

Body

Represents the request payload body received by the webhook endpoint.

Route Parameters

Represents the route parameters extracted from the webhook URL pattern.

Client IP

Represents the IP address of the client that initiated the webhook request.

User Agent

Represents the user-agent information associated with the incoming request.

Content Type

Represents the content type of the incoming request payload.

Examples include:

application/json
multipart/form-data
text/plain

Content Length

Represents the size of the incoming request payload.

Is Binary

Indicates whether the incoming request payload contains binary data.

Binary Data

Represents the binary request payload when binary content is received.

Authentication Status

Represents the authentication validation status of the incoming request.

CORS Origin

Represents the origin associated with the incoming cross-origin request.

Request Timestamp

Represents the UTC date and time when the webhook request was received.

Notes

The Webhook Trigger activity is a trigger activity and must be placed at the beginning of the workflow.
Webhook triggers are registered only when the workflow is published.
Updating a draft workflow does not update the registered webhook configuration.
Webhook endpoint accessibility depends on network configuration and server availability.
Proper authentication and IP restrictions are recommended for production webhook endpoints.

Webhook Management – Manage and monitor webhook triggers in the AI Command Center.

Description​

Configuration​

Inputs​

Endpoint URL​

Authentication​

HTTP Method​

Response Mode​

Advanced​

IP(s) Whitelist​

Allowed Origins (CORS)​

Max Payload Size​

Ignore Bots​

Outputs​

Source URL​

Headers​

Query Parameters​

Method​

Body​

Route Parameters​

Client IP​

User Agent​

Content Type​

Content Length​

Is Binary​

Binary Data​

Authentication Status​

CORS Origin​

Request Timestamp​

Notes​

Related​