The problem is that there is no auth now, so anyone can hit my webhook. I want this webhook to be only for Netlify. In the Netlify options there is a JWT token section, so it seems I can send a JWT token along with the POST hook. But I don’t know how to use this information in my n8n workflow.
Are there any examples of how I can receive and auth JWT tokens with my webhook node?
No, sorry, JWT is currently not supported to authenticate Webhook requests. That said, n8n uses a unique UUID for each Webhook URL by default, so the chance that somebody would guess it is incredibly low. Apart from that, you could also add basic auth on top, which should also work in combination with Netlify. If they do not support it by default, you should be able to simply add the user & password in the URL like this: https://<USER>:<PASSWORD>@n8n.whatever.com/xxxx
Thanks for the answer @jan, do you plan to support JWT? I want to move all my automation to n8n, but security is something really important and I don’t want to leave my webhooks exposed without auth.
Can you please explain this pass and user option? Is there any source that you can share about how to create my webhook like that and how to auth in n8n?
To create your Webhook like that, you set “Authentication” on the node to “Basic Auth”. In the “Basic Auth” drop-down that then appears, you select “Create New”. There you set a name for the credentials (it does not matter what) and a user and password (try to stick to alphanumeric characters there). Whatever you set there as user & password is what you add to the URL (in the same format I provided above as an example), and you then use that as the “URL to notify” on Netlify.
So what it is doing is adding credentials that would need to be used to post to the webhook, so in theory only something you have provided those to would be able to connect.
Depending on the service, though, some offer a signed token that you can validate on post to make sure it is legit. You wouldn’t be able to set this up on the actual Webhook node, but the next couple of nodes in your workflow could validate this.
How you do that would depend on what is offered up: you could use a Function node and write some JavaScript to do the validation if it is using, say, JWT, or if it is HMAC you could use the Crypto node.
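
The validation step described in the last reply, as an added example that is not part of the thread and not n8n's or Netlify's own code. It assumes the sender signs the token with HS256 using a shared secret and that the token carries an `iss` claim of `netlify` and a `sha256` claim holding the hex digest of the request body; `verifyWebhookJwt`, `signSample`, the secret and the body are hypothetical names and constructed values.

```javascript
const crypto = require('crypto');

// Decode one base64url JWT segment into an object (throws on bad JSON).
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns { ok, reason?, claims? }. rawBody must be the exact bytes received.
function verifyWebhookJwt(token, secret, rawBody) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = decode(h);
    claims = decode(p);
  } catch (e) {
    return { ok: false, reason: 'undecodable token' };
  }
  // Pin the algorithm: never let the token choose (rejects "none", RS256, ...).
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Assumed claims: iss names the sender, sha256 is the hex digest of the body.
  if (!claims || claims.iss !== 'netlify') return { ok: false, reason: 'unexpected issuer' };
  const bodyHash = crypto.createHash('sha256').update(rawBody).digest('hex');
  if (claims.sha256 !== bodyHash) return { ok: false, reason: 'body hash mismatch' };
  return { ok: true, claims };
}

// Constructed sample: builds a token the way the assumed sender would, for a local run.
function signSample(secret, rawBody, header = { alg: 'HS256', typ: 'JWT' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const sha256 = crypto.createHash('sha256').update(rawBody).digest('hex');
  const signingInput = `${enc(header)}.${enc({ iss: 'netlify', sha256 })}`;
  const sig = crypto.createHmac('sha256', secret).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

const SECRET = 'constructed-demo-secret';
const BODY = '{"state":"ready","name":"example-site"}';
console.log(verifyWebhookJwt(signSample(SECRET, BODY), SECRET, BODY).ok);
console.log(verifyWebhookJwt(signSample(SECRET, BODY), SECRET, BODY + ' ').reason);
```

In a Function node, `require('crypto')` only works when built-in modules are allowed for that node (the `NODE_FUNCTION_ALLOW_BUILTIN` environment variable), and the body-hash check needs the raw request body rather than re-serialized JSON.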