How to secure Netlify hooks with JWT

Questions
#1

Hi,

New in n8n here. Recently switched from Zapier. I have a question.

I have a workflow when my Netlify build fails it hits my n8n webhook. After i get an email about failed deploy.

Artboard – 4
Artboard – 41223×405 28.5 KB

The problem is that there is no auth now. So anyone can hit my webhook. I want this webhook to be only for Netlify. In Netlify options there is jwt token section. So it seems i can send jwt token along with post hook. But i don’t know how to use this information in my n8n workflow.

Are there any examples how can I receive and auth jwt tokens with my webhook node?

#2

Welcome to the community @demirel!

No sorry, JWT is currently not supported to authenticate Webhook requests. That said does n8n use an unique UUID for each Webhook-URL by default. So the chance that somebody would guess that is incredible low. Apart from that, could you also add basic-auth on top which should also work in combination with Netfily. If they do not support it by default, should you be able to simply add users & password in the URL like this: https://<USER>:<PASSWORD>@n8n.whatever.com/xxxx

Hope that helps!

#3

Thanks for the answer @jan , do you plan to support jwt? I want to move all my automation to n8n but security is something really important and I don’t want to leave my webhooks exposed without auth :slight_smile:

Can you please explain this pass and user option? Is there any source that you can share about how to create my webhook like that and how to auth in n8n?

#4

To create your Webhook like that you set on the node “Authentication” to “Basic Auth”. In the then appearing “Basic Auth” drop-down you select “Create New”. There you set a name for the credentials (does not matter what) and a user and password (try to stay there with alphanumeric characters). Whatever you set there as user & password is what you add to the URL (in the same format I did provide above as example) and use that then as “URL to notify” on Netlify.

1 Like