Overview
The HTTP Webhook trigger gives any Taskade automation a unique inbound URL. Any system that can POST JSON can start the automation. Pair it with branching, looping, and AI actions to build any pipeline you need.
TL;DR: Add the Webhook Received trigger to any automation, copy the unique URL, and POST JSON from any external system to fire your workflow. Available on Business, Max, and Enterprise. Pair with Branch, Loop, Utility Actions, and Structured Output to handle real-world payloads end to end.
How the trigger fits the loop
A webhook is the canonical Execution input: an external system tells Taskade something happened, and your automation runs the rest of the loop.
Webhook trigger vs. Webhook action
These two sound the same but flow in opposite directions. Pick the one that matches the data direction you need.
| Type | Direction | What it does |
|---|---|---|
| HTTP Webhook trigger (this article) | Inbound | Receives a POST from an external system and starts an automation |
| Webhook action | Outbound | Sends a POST from a running automation to an external system |
If your goal is "when something happens in Stripe, run my Taskade automation," you want the trigger. If your goal is "when my Taskade automation finishes, notify Slack via a custom URL," you want the action.
Set up the trigger
Create the trigger first, then wire your external system to the URL it gives you.
- Open the automation you want to start from a webhook.
- Click Add Trigger.
- Pick Webhook Received from the HTTP trigger list.
- Copy the unique Webhook URL shown in the trigger panel.
- Click Save.
Keep that URL handy. You will paste it into the external service that needs to fire the automation.
Reference fields from the payload
The trigger parses incoming JSON automatically when the request includes Content-Type: application/json. The full payload is exposed to every downstream action through five variables you can reference with the @ picker or {{ }} syntax.
| Variable | What it holds | Example |
|---|---|---|
body |
Parsed JSON object | {{trigger.body.customer_email}} |
bodyText |
Raw payload as a string | {{trigger.bodyText}} |
headers |
Request headers | {{trigger.headers["x-api-key"]}} |
method |
HTTP verb (always POST here) |
{{trigger.method}} |
queryParams |
URL query string keys | {{trigger.queryParams.source}} |
To pull a single nested value out of body, pair the trigger with JSON Extract and a JSONPath query like $.user.email. To work with the raw text (for example, to verify a signature header), reach for bodyText.
Test the trigger
Send a real request from your terminal to confirm the trigger fires and your fields parse correctly.
curl -X POST "YOUR_WEBHOOK_URL" \
-H "Content-Type: application/json" \
-d '{
"customer_email": "[email protected]",
"order_id": "ORD-1042",
"amount": 49.00
}'
A successful request returns HTTP 202 Accepted. The automation runs in the background and you can watch progress in the Runs tab.
| Response | What it means | What to do |
|---|---|---|
| 202 Accepted | Payload accepted, automation queued | Open Runs to watch the steps complete |
| 400 Bad Request | JSON malformed or field types do not match | Validate the payload at jsonlint.com |
| 404 Not Found | Wrong URL, or automation is paused | Re-copy the URL and toggle the automation on |
Reliability and retries
Taskade stores every delivery before processing it, so a brief downstream hiccup never loses an event.
- Every inbound POST is persisted before any action runs.
- Actions that error are retried automatically with backoff.
- You can replay any past delivery from the Runs tab in one click.
- Long-running actions do not block the next webhook from being accepted.
This is the same reliable retry behavior used by every action in the automation.
Plan availability
The HTTP Webhook trigger is gated to Business and above because it accepts unbounded inbound traffic from any external service.
| Plan | HTTP Webhook trigger |
|---|---|
| Free, Starter, Pro | Use built-in triggers like Forms, Schedule, and task events |
| Business, Max, Enterprise | Full HTTP Webhook trigger access |
See the pricing page for the latest plan matrix.
Security tips
Treat the webhook URL like a password. Anyone holding it can fire your automation.
- Keep the URL out of public repos, screenshots, and shared docs.
- Optionally require a shared header secret in the trigger settings, then verify it in a Branch step before any real work runs.
- Rotate the URL right away if it leaks. Save the new URL into the sending tool.
- Prefer signed payloads from the source when the source supports them, for example Stripe signatures or GitHub HMAC headers.
Related guides
- Webhooks (Action). Outbound counterpart that sends events from Taskade.
- Branch Action. Route incoming payloads to different paths.
- Loop Action. Iterate over arrays inside a webhook payload.
- Structured Output. Turn raw payloads into typed variables.
- HTTP Request Action. Call external APIs from inside the automation.