Overview
The http-webhook node creates a dedicated HTTP endpoint
that listens for incoming webhook requests from external services. Unlike the general-purpose
http-in node, this node is optimized specifically for webhook patterns with built-in
authentication, automatic response handling, and payload extraction.
Properties
| Property | Type | Default | Description |
|---|---|---|---|
| path | string | "/webhook" | URL path to listen on (e.g., /webhook/github) |
| method | string | "POST" | HTTP method: GET, POST, PUT, or DELETE |
| authType | string | "none" | Authentication type: none, basic, bearer, or header |
| authValue | string | "" | Expected auth credential (token, password, or header value) |
| rawBody | boolean | false | Pass raw body as Buffer instead of parsed object |
Authentication Modes
none
No authentication. Any request to the path is accepted. Use only for development or trusted networks.
basic
HTTP Basic Authentication. Validates username:password from the Authorization header against authValue.
bearer
Bearer token authentication. Checks the Authorization: Bearer <token> header against authValue.
header
Custom header authentication. Validates a specific header (e.g., X-Hub-Signature) against authValue.
Example: GitHub Webhook Receiver
Receive push events from GitHub and extract commit details. Uses header-based signature verification to authenticate requests.
// http-webhook node configuration
{
"path": "/webhook/github",
"method": "POST",
"authType": "header",
"authValue": "X-Hub-Signature-256",
"rawBody": true
}
// Output msg object:
{
"payload": {
"action": "push",
"repository": { "full_name": "user/repo" },
"commits": [
{
"message": "Fix sensor calibration",
"author": { "name": "developer" }
}
],
"ref": "refs/heads/main"
},
"headers": {
"x-github-event": "push",
"x-hub-signature-256": "sha256=abc123..."
},
"_msgid": "wh001"
}Example: IoT Device Data Endpoint
Accept sensor data from IoT devices using bearer token authentication. Devices POST JSON payloads with temperature and humidity readings.
// http-webhook node configuration
{
"path": "/api/devices/data",
"method": "POST",
"authType": "bearer",
"authValue": "iot-secret-token-2024",
"rawBody": false
}
// Curl command from device:
// curl -X POST http://edgeflow:1880/api/devices/data \
// -H "Authorization: Bearer iot-secret-token-2024" \
// -H "Content-Type: application/json" \
// -d '{"device":"dht22-01","temp":23.5,"humidity":65}'
// Output msg.payload (auto-parsed JSON):
{
"device": "dht22-01",
"temp": 23.5,
"humidity": 65
}Example: Stripe Payment Webhook
Listen for payment events from Stripe with signature verification enabled via raw body mode.
// http-webhook node configuration
{
"path": "/webhook/stripe",
"method": "POST",
"authType": "header",
"authValue": "stripe-signature",
"rawBody": true
}
// Use rawBody: true so the signature can be verified
// against the original request body before parsing.
// A downstream function node can then verify and parse:
// function node:
const sig = msg.headers['stripe-signature'];
const body = msg.payload; // Buffer
// verify signature, then parse
msg.payload = JSON.parse(body.toString());
return msg;Common Use Cases
CI/CD Triggers
Receive GitHub/GitLab push events to trigger deployments
IoT Data Ingestion
Accept sensor readings from HTTP-capable devices
Payment Processing
Handle Stripe, PayPal, or Square payment notifications
Alerting Integrations
Receive alerts from monitoring services like PagerDuty