Is it possible to access a Webhook's headers from Workflows?

When setting a webhook trigger, is there a way to access the headers sent with the request?

I don't see this information in, or startTrigger.metadata (which seems to always be null)

1 Like

Hey @brettski!

This is a request devs have on their radar, thanks for surfacing it here! Is there a particular use case you have for the headers that I can pass along?

Hello @Kabirdas,

Verifying a webhook signature using HMAC was what I was looking to do in this case.

A generic example of this is explained here: Hash-based Message Authentication Code (HMAC) - Docs

Really useful for validating webhooks from many services, e.g. Stripe, which use HMAC signing for validation. It can also be a great stop-gap between being able to add JS libraries to workflows. For Example the stripe SDK can validate the webhook for you, but you can also do it manually as it's an HMAC signature.

I guess one other thing which will be required to validate a webhook signature is access to the raw body of the request from the end point as you are validating what was sent is the same as what was recevied.

Got it, thanks for sharing (and teaching me something new :smile: )!

Will let you know here as soon as it's included.

+1 for this

Being able to access the response body for authenticating and endpoint with a service is a must-have.

Right now I'm trying to bypass my current Zapier integration between and Retool but I can't verify the webhook I've created in my Workflow.

"The URL you specified should be, of course, controlled by your app. Our platform checks this by sending a JSON challenge to your endpoint, and your app should respond back with the same challenge."

No matter what data I try to return from my Retool webhook the response is always this format meaning I can't validate the webhook with a 3rd party service. Any suggestions on working around this would be very welcome!

    "success": true,
    "workflow_run": {
        "id": "xxxx",
        "workflow_id": "xxxx",
        "created_at": "2023-02-07T15:54:03.608Z",
        "status": "PENDING"