Webhook header authorization

Ahoy. Fresh off the Integromat boat and keen to automate some personal finances from Starling Bank v2 webhooks however my enthusiasm is dwindling from being stuck for over a day at the first hurdle - I can’t get the webhook to trigger.

I had this setup working in Integromat and it seemed like all I had to do was provide the payload URL though I honestly can’t remember what authorization steps I went through.

There’s no error message as there’s simply nothing happening when I do things in the banking app that otherwise successfully trigger Integromat’s webhook. I’m sure it’s something to do with credentials but between the Starling Bank API docs, n8n docs and HTTP articles I’m completely overwhelmed and baffled to be honest. I’m no developer but I’ve been using Python since January and have taken to JavaScript in the last couple of days, hence interest in n8n… starting to feel like I’m out of my depth though so any help would be really appreciated.

I don’t think I can share the workflow because it has my public API key from Starling but here’s some screenshots.

Should I be writing something else in the name field of the Header Auth?
What the hell is SHA512withRSA?
Or an X-Hook-Signature?
Should I just retreat back to no code (where I belong)?

Again, any insights very much appreciated.


n8n Version: 0.182.0, desktop app

Hi @Tony_McHugh, from your screenshot it looks like you’re using the GET method in n8n, but the documentation page you have linked suggests they are using POST methods:

So, in a first step I’d try updating the HTTP Method in n8n accordingly.

Also, it seems Starling Bank expects very specific paths for your webhook. Meaning the default path (the lengthy alpha-numeric ID) will probably not work and you’d probably need to use paths such as /registered-web-hook-address/feed-item from their documentation.

X-Hook-Signature would be a request header, but let’s look at that once you’re able to receive Starling Bank’s webhooks.

Hi @MutedJam, thanks for the reply.

I’ve changed it to POST but still nothing.
Regarding paths, when you setup the webhook, if gives you the option to use these sub-paths or not. I chose not to but here’s an example of what it looks like when you do opt for sub-paths. Also for context, the top webhook called “Starling” is still successfully sending to Integromat.

Any ideas?

Thanks again!

Hi @Tony_McHugh, thx so much for clarifying on the paths! I don’t have a Starling bank account anymore so can’t test any of this myself.

As for the webhook, I see that you’re using a test URL. This URL would only work for a short time after you click on the “Listen” button in n8n (check our documentation for details on the two webhook URLs).

In case you have manually executed the workflow when using the test URL, did you trigger any event in your Starling account that would fire a webhook? Do they provide any kind of logging for each webhook fired?

Hi @MutedJam, no worries. Apologies for delay - I posted in Starling Developer slack channel about the possibility of observing outgoing webhooks but got zero replies.

Yeah anytime I trigger some action in the Starling app I’m first clicking “Listen For Event” in the webhook node, as per docs.

Based on the Starling docs you’ve seen, what do you think the name for the authentication header auth should be, assuming that the value is my Public Key?

Appreciate your help so far!

So, the header name shouldn’t matter when receiving the webhook as it’s something they would send to n8n. However, seeing nothing arrives within n8n at all, I wonder if your instance’s webhook URLs are working in the first place.

Could you click the Listen button and send a POST request to your webhook URL using a tool like curl, Insomnia or Postman? Using such a tool you can verify whether your n8n responds as expected or whether there’s possibly an issue with the webhook URL.

This is how things should look like in Insomnia:

Even if curl/Insomnia/Postman show an error it’ll probably help with understanding what’s going on.

In n8n itself you can then inspect the data coming from Insomnia (and hopefully from Starling Bank as well at some point):

I see, yeah I thought I would at least get some kind of error. Sent a POST request from Postman and got “Authorization data is wrong!” - which makes sense, I think?

Although nothing showing in n8n still…

So, this would be an error coming from n8n which is good as it means the webhook is working in principle. Could you try and disable the authentication option for the time being, then check once again with Postman + afterwards with Starling?

Okay now I’m unable to recreate the response we just got, with or with out authentication included… why might that be? Shall I just share the workflow with you privately maybe?

I will be out until next week, so it’d probably be good to keep it public for now. Which error are you getting after disabling the authentication?

Okay cool. So I restarted n8n app and used the newly generated test URL and now have n8n responding to both POST request from Postman AND updates in the app! Is the generation of new test URLs to be expected when opening and closing the app? I’m wondering if it’s possible that the URL updated itself before without me realising though I remember checking it multiple times…

Ah yes, this is unfortunately a downside the desktop app. It uses a special tunnel to make your local n8n instance available to the internet, and this tunnel isn’t suitable for production use (one of the reasons would be the non-permanent URL). Another problem would be that a desktop doesn’t typically run 24/7, so transactions (and webhooks) can be missed.

So, depending on your use case you might want to consider self-hosting n8n under a permanent domain name or consider using n8n cloud over using the desktop app.

Hmm interesting. Yeah it’d be best if the functionality didn’t rely on the desktop app being open so I guess I’d better look into self hosting / cloud app. I’ll look into it now. Thanks very much indeed for help - I’m very grateful and impressed!

1 Like