What are Webhooks?
Webhooks let external systems trigger your Autonoly workflows in real-time. Instead of polling for changes or running workflows on a schedule, webhooks start your automation the instant something happens — a form is submitted, a payment is processed, a new lead enters your CRM, or any other event.
Each webhook generates a unique URL. Paste that URL into any service that supports webhook notifications, and data flows directly into your workflow. This is the bridge between Autonoly and the rest of your tech stack. For teams evaluating how Autonoly compares to other webhook-capable platforms, our Zapier vs Make vs n8n vs Autonoly comparison covers the differences in detail.
How Webhooks Differ from Scheduled Execution
Scheduled Execution runs workflows on a time-based trigger — every hour, every day, at a specific time. Webhooks run workflows on an event-based trigger — when something happens. Both are valuable, and many automations use both: a webhook triggers the initial processing, and a schedule handles daily summaries.
The key advantage of webhooks is latency. A scheduled workflow that runs every hour might process an event up to 59 minutes after it occurs. A webhook triggers the workflow within seconds of the event. For time-sensitive processes like order fulfillment, lead response, or security alerts, this difference matters.
Webhook Configuration
Endpoint Setup
Creating a webhook takes seconds:
- Select a workflow to trigger
- A unique URL is generated automatically
- Optionally configure authentication and validation
- The endpoint is live immediately
You can also create a webhook endpoint before the workflow is ready. Incoming requests are queued, and once you attach a workflow, the queue is processed. This is useful during development when you want to capture test payloads from the sending system before building the full workflow.
Authentication Options
Protect your webhook endpoints from unauthorized access:
Secret token — include a shared secret in request headers for simple authentication
HMAC signature — verify request authenticity using HMAC-SHA256 signatures
IP whitelisting — restrict incoming requests to specific IP addresses
No auth — for development and testing, or when the sending service doesn't support authentication
Request Validation
Define rules for incoming data to ensure your workflow receives valid input:
Required fields — reject requests missing required data
Type validation — ensure fields match expected types (string, number, date)
Schema validation — validate against a JSON schema for complex payloads
Size limits — reject payloads that exceed a configurable size limit
Validation failures return a clear error response to the sender, including which fields failed and why. This makes debugging integrations straightforward for both you and the system sending the webhook.
Data Mapping
Incoming webhook data arrives as a JSON payload. Map fields from the payload to your workflow inputs:
Automatic mapping — Autonoly detects field names and maps them to matching workflow inputs
Manual mapping — drag and drop payload fields to workflow inputs for custom mapping
Transformation — apply simple transforms during mapping (date formatting, string operations, type conversion)
Default values — set fallbacks for optional fields that may not be present in every request
Nested field access — reach into deeply nested JSON structures with dot notation (e.g.,
data.customer.email)
Use Cases
Webhooks connect Autonoly to virtually any external system:
CRM Integration
When a new lead is added to your CRM, trigger a workflow that enriches the lead data by visiting their website with Browser Automation, extracting company information with Data Extraction, and writing the enriched data back via API & HTTP.
E-Commerce Events
Receive order notifications and trigger fulfillment workflows. Combine with Database queries to check inventory, and Email Campaigns to send confirmation emails.
Form Submissions
Connect form builders like Typeform, JotForm, or Google Forms to trigger workflows when forms are submitted. Process the data, store it, and trigger follow-up actions automatically.
Custom Applications
Any application that can make HTTP requests can trigger Autonoly workflows. Build webhooks into your own tools and services for seamless integration.
Monitoring and Debugging
The webhook dashboard provides full visibility into incoming requests:
Request log — view every incoming request with headers, body, and timestamp
Execution status — see whether the triggered workflow succeeded or failed
Replay — resend any past request to re-trigger the workflow for debugging
Error details — detailed error messages when validation fails or the workflow encounters issues
Latency metrics — see how long it took from receiving the webhook to starting the workflow execution
Combining with Other Triggers
Webhooks work alongside other trigger types:
[Scheduled Execution](/features/scheduled-execution) — combine event-based and time-based triggers
[Visual Workflow Builder](/features/visual-workflow-builder) — build complex workflows triggered by webhook data
[Logic & Flow](/features/logic-flow) — route webhook data through conditional branches based on payload content
Best Practices
Always enable authentication on production endpoints. During development, unauthenticated endpoints are convenient. But in production, any exposed URL can receive requests from anyone on the internet. At minimum, use a secret token. For high-security workflows, combine HMAC signatures with IP whitelisting.
Validate incoming payloads strictly. Define a JSON schema for your expected payload structure and reject anything that does not match. This prevents malformed data from entering your workflow and causing failures at later stages. It also protects against injection attacks if the payload data is used in database queries.
Use the replay feature for debugging, not manual re-triggering. When a webhook-triggered workflow fails, use the replay button to re-send the exact same payload. This ensures you are testing with real data and real conditions. You can also edit the payload before replaying, which is useful for testing edge cases.
Monitor webhook latency and throughput. If you notice increasing latency between webhook receipt and workflow start, it may indicate that your concurrent execution slots are saturated. Consider upgrading your plan or optimizing your workflows to complete faster. Our AI workflow automation guide includes tips for optimizing execution speed.
Set up dead-letter handling for failed requests. If a webhook triggers a workflow that fails repeatedly, the request should not be silently dropped. Configure failure notifications and review failed requests in the webhook dashboard. For critical workflows, set up a fallback webhook that routes failed requests to a manual processing queue.
Security & Compliance
Webhook endpoints are secured with HTTPS by default — all incoming requests must use TLS encryption. Autonoly does not accept webhook requests over plain HTTP. This ensures that data in transit is always encrypted, which is critical when webhooks carry sensitive information like customer data, order details, or financial records.
HMAC signature verification provides the strongest authentication option. The sending system signs each request with a shared secret, and Autonoly verifies the signature before processing. This prevents replay attacks and ensures that the request was genuinely sent by the configured source. For systems that support it, this is the recommended authentication method.
All incoming webhook requests are logged with full headers, body, source IP, timestamp, and processing status. These logs are retained for 30 days by default (configurable on enterprise plans) and are available in the security dashboard. For organizations subject to audit requirements, webhook logs can be exported or forwarded to external SIEM systems. The combination of authentication, validation, and logging provides a complete chain of custody for every event that triggers a workflow.
Common Use Cases
Real-Time Lead Response
A marketing team uses Typeform for lead capture on their website. When a prospect submits the form, Typeform sends a webhook to Autonoly. The workflow immediately enriches the lead by visiting the prospect's company website with Browser Automation, extracting company size and industry with Data Extraction, and writing the enriched record to a database. If the lead matches the ideal customer profile (checked via Logic & Flow), an email campaign sequence starts within minutes of the form submission. The entire process runs in under 60 seconds, ensuring that high-value leads receive a response while they are still engaged. This approach aligns with strategies covered in our lead generation automation guide.
E-Commerce Order Processing Pipeline
An online store sends order webhooks from Shopify to Autonoly. Each order triggers a multi-step workflow: verify payment status via API & HTTP, check inventory in a database, update stock levels, generate a shipping label through a third-party API, and send an order confirmation via Email Campaigns. If inventory is low, the workflow also triggers a restock alert to the procurement team. The webhook payload carries the full order data, which the data mapping feature routes to the appropriate workflow inputs.
CI/CD Pipeline Integration
A development team configures GitHub to send webhook notifications when a pull request is merged. The webhook triggers an Autonoly workflow that scrapes the staging environment using Browser Automation, runs visual regression checks with AI Vision, and compares screenshots to a baseline. If differences are detected, the workflow posts the results to a Slack channel via Integrations and creates a ticket in the project management tool via API & HTTP. This lightweight QA pipeline runs automatically on every deployment.
Multi-Platform Data Aggregation
A data team receives webhooks from multiple SaaS tools — a CRM, an analytics platform, and a customer support system. Each webhook triggers a workflow that normalizes the incoming data via Data Processing and writes it to a central PostgreSQL database. A nightly scheduled workflow then runs aggregation queries across all sources to produce a unified dashboard. The webhooks ensure that data flows in real time, while the schedule handles cross-source analysis.
Check pricing for webhook endpoint limits and request volume per plan.