Webhook Triggers
Trigger automations from external systems via HTTP
Webhooks allow external systems to trigger automations via HTTP. Each automation has a unique endpoint and optional secret for authentication.
Endpoint
POST /functions/v1/automation-webhook
Request Headers
Content-Type: application/json
X-Automation-Id: your-automation-uuid
X-Webhook-Secret: your-secret-token (optional)
Request Body
{
"payload": {
"customer_name": "Acme Corp",
"order_total": 1250.00,
"event_type": "order_placed"
}
}
Payload Templating
You can reference payload fields in your user instruction using double-brace syntax. When the webhook fires, these placeholders are replaced with actual values:
Create a follow-up task for {{payload.customer_name}}
regarding their order of {{payload.order_total}}.
Response
{
"success": true,
"run_id": "run-uuid",
"execution_id": "execution-uuid",
"status": "completed | awaiting_confirmation | failed",
"pending_confirmation": { ... }
}
The webhook returns immediately with the run ID. Use the
statusfield to determine if the automation completed, failed, or is waiting for confirmation.
Manual Trigger
Automations can also be triggered manually from the Operator interface. On the home screen with an empty input, click the + menu and select Run Automation to choose and execute an automation.
Security Considerations
Webhook Secret: Always use a webhook secret for production automations. Without it, anyone who discovers your automation ID could trigger it.
- Webhook secrets are auto-generated but can be regenerated if compromised
- Destructive operations always pause for confirmation—automations cannot silently modify data
- Instance tokens are refreshed per-run using the owner's saved credentials
- Capability restrictions limit what actions an automation can perform