Send Webhook

Type key: send_webhook
Group: Integrations
Category: integration
Tier: CORE

The Send Webhook node sends an outbound HTTP request to a target URL. It supports:

• URL / headers / query params tag interpolation ({{tags}})
• Optional envelope mode (adds event + metadata wrapper)
• Optional HMAC-SHA256 signing via X-Voodflow-Signature
• Timeout and multiple HTTP methods

Handles

Handle	Direction	Description
input	Input	Data available for tag interpolation and payload building
output	Output	Emits the full response from the remote endpoint

Configuration

Field	Type	Default	Description
url	string	""	Target webhook URL; supports {{tags}}
method	enum	POST	HTTP method: POST, PUT, PATCH, GET, DELETE
headers	object/array	[]	Custom request headers; supports {{tags}}
query_params	object/array	[]	Query parameters appended to URL; supports {{tags}}
payload_mode	enum	payload	How to transmit data: payload or envelope
payloadFields	array	[]	Optional allowlist of fields to include in the payload
signing_secret	string	null	Secret used to generate an HMAC-SHA256 signature header
timeout	integer	30	Request timeout in seconds

What is sent (payload building)

This node does not send an arbitrary “custom JSON body” defined in config.

Instead it builds the request payload from the full execution context:

• If payloadFields is empty (default): sends the entire full context.
• If payloadFields has entries: extracts only those fields from the full context.

There is one special case: if the extracted data becomes { "data": [ ... ] } (an indexed list), the node will “unwrap” it and send the inner array directly to avoid double nesting.

Date formatting

When building the payload, strings that look like ISO datetime (e.g. 2026-03-30T17:17:00...) are formatted using config('voodflow.date_format').

Payload Modes

payload (default)

Sends the payload described above (full context or payloadFields subset) as the request body.

envelope

Wraps the payload in an envelope with event + metadata:

{
  "event": "Webhook",
  "timestamp": "2024-11-15T14:30:00Z",
  "data": { /* payload */ },
  "metadata": {
    "workflow_id": 123,
    "execution_id": 456,
    "node_id": 789
  }
}

Notes:

• event is class_basename($context->eventClass) (e.g. Webhook, schedule, TestEvent).
• node_id is the database id of the node record (not the graph node_id string).

HMAC Signature

When signing_secret is set, the node computes an HMAC-SHA256 digest of the serialized request body and adds it as a request header:

X-Voodflow-Signature: <hex_digest>

The receiving endpoint can verify the signature using the same secret, confirming the request originated from Voodflow.

Signature computation:

$signature = hash_hmac('sha256', json_encode($requestData), $signingSecret);
$header = $signature; // plain hex, no prefix

Important:

• Tag replacement is applied to URL, headers, and query params.
  signing_secret is used as-is (no {{tags}} interpolation).
• The signature is computed from the final $requestData (payload or envelope).

Output Format

On success:

{
    "success": true,
    "status_code": 200,
    "response": {
        "ok": true,
        "message": "Accepted"
    },
    "url": "https://hooks.example.com/...",
    "method": "POST"
}

On failure:

• Non-2xx responses return ExecutionResult::failure() and include the response payload in the output.
• Network errors / timeouts return ExecutionResult::failure() with { url, method, error }.

Use a Catch node to handle retries or fallback logic.

Template Support

Tag replacement ({{tags}}) is supported in these fields:

Field	Example
url	https://hooks.example.com/{{input.user.id}}
Header values	Authorization: Bearer {{variables.token}}
Query params	?source={{_webhook.ip}}

Examples

Send Webhook Notification

URL: https://hooks.example.com/services/T000/B000/xxxx
Method: POST
Payload Mode: payload
PayloadFields:
  - input.order_id
  - input.customer_name
  - input.total
Headers:
  Authorization: Bearer {{variables.token}}

Trigger External Workflow

URL: https://workflow-provider.example.com/webhook/voodflow-inbound
Method: POST
Payload Mode: envelope
Signing Secret: <read from credentials>

Add query parameters

URL: https://api.example.com/webhook
Query params:
  source: {{variables.source}}
  execution: {{execution.id}}

Notes

• This node differs from HTTP Request in that it is purpose-built for outbound webhooks: it provides envelope mode and HMAC signing out of the box.
• Use HTTP Request for full REST API interactions (auth flows, response parsing, pagination).
• Content-Type: application/json is used by Laravel’s HTTP client by default for array payloads.