Kai S. Huxmann This workflow corresponds to n8n.io template #9570 — we link there as the canonical source.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": "E7eplEMAGeni95MM",
"meta": {
"templateCredsSetupCompleted": true
},
"name": "Secure GET Webhooks e.g. from Google Sheets v1.0",
"tags": [
{
"id": "bPkcrK17uG3HMk6T",
"name": "\ud83c\udff7\ufe0f Template",
"createdAt": "2025-09-03T06:52:38.087Z",
"updatedAt": "2025-09-03T06:52:38.087Z"
},
{
"id": "v4mArge40MnxFxw5",
"name": "\ud83d\udfe2 operational",
"createdAt": "2025-08-10T13:32:11.849Z",
"updatedAt": "2025-08-19T17:01:08.590Z"
}
],
"nodes": [
{
"id": "9dec6b1f-252e-4a92-b6d1-f7132f0aaa02",
"name": "Validation Failed",
"type": "n8n-nodes-base.stopAndError",
"position": [
576,
-560
],
"parameters": {
"errorMessage": "=The Webhook Secret was invalid in {{ $workflow.name }}."
},
"typeVersion": 1
},
{
"id": "180d0b5b-7f4b-460f-856c-a9bf0f634b11",
"name": "Sticky Note",
"type": "n8n-nodes-base.stickyNote",
"position": [
32,
-928
],
"parameters": {
"color": 7,
"width": 224,
"height": 512,
"content": "## Webhook trigger\n- freely accessible in the internet if not protected\n- **SHOULD be protected** as good as possible for any serious n8n usage!!!\n"
},
"typeVersion": 1
},
{
"id": "b540cb57-6890-4b3a-aa98-b003a9004076",
"name": "Sticky Note7",
"type": "n8n-nodes-base.stickyNote",
"position": [
-48,
-1104
],
"parameters": {
"color": 4,
"width": 1136,
"height": 784,
"content": "# Example Setup\n- Simple initial steps to secure a webhook"
},
"typeVersion": 1
},
{
"id": "395a2009-27f1-409e-8a0b-2c96ad7c973d",
"name": "Secret valid?",
"type": "n8n-nodes-base.if",
"position": [
368,
-720
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "acef0d8a-e16e-44be-b8b4-97be4b160a1f",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.query.secret }}",
"rightValue": "=123"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "51ae4f23-f8d5-4a45-976b-f41a3210496c",
"name": "Do whatever your workflow is supposed to do",
"type": "n8n-nodes-base.noOp",
"position": [
848,
-736
],
"parameters": {},
"typeVersion": 1
},
{
"id": "2cd48180-08c6-4f10-ae4f-48b8e36e3ac4",
"name": "Sticky Note1",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-928
],
"parameters": {
"color": 7,
"width": 416,
"height": 512,
"content": "## Check if Secret is correct\n- **if valid:** proceed as normal\n- **if NOT valid:** stop workflow with error \n(alternatively you can just ignore this case)"
},
"typeVersion": 1
},
{
"id": "8bcd9b25-ce98-4080-b5c3-5c6e77d37cea",
"name": "\"Unprotected\" Webhook",
"type": "n8n-nodes-base.webhook",
"position": [
96,
-720
],
"parameters": {
"path": "fb7e29f1-06fd-4c35-a229-cb7f909ea45e",
"options": {}
},
"typeVersion": 2.1
},
{
"id": "4f6d4878-e895-4342-a7e9-02ba81c39774",
"name": "Sticky Note2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-832,
-1104
],
"parameters": {
"width": 736,
"height": 784,
"content": "# \ud83d\ude80 Start Here\n## What are webhooks?\n\nWebhooks are special URLs that instantly trigger workflows when they receive an incoming HTTP request (like GET or POST). They're perfect for connecting external tools to n8n in real time.\n\n## \ud83d\udd10 Why webhooks should be protected\nUnprotected webhooks are publicly accessible on the internet \u2014 anyone with the link can trigger your workflow. This can lead to spam, unwanted requests, or even data loss.\n\n## \u2705 Best Practice: Use built-in Authentication\nn8n provides native authentication options for webhook nodes:\n- Basic Auth\n- Header Auth\n- JWT Auth\n\nThese methods are **highly recommended if supported by your external app or service**. You can find them in the \u201cAuthentication\u201d dropdown of the webhook node.\n\n## \ud83d\udee0\ufe0f When to use THIS SETUP\nSometimes, external tools don\u2019t support custom headers or advanced auth methods \u2014 for example:\n- A button click in Google Sheets\n- A link shared via email or chat with a trusted partner\n- IoT devices or basic web apps\n\nIn those cases, you can protect a webhook by adding a secret query parameter (e.g. ?secret=abc123xyz456...) and validating it with an IF node at the start of your workflow. \n\n**This way, only those requests with the secret can trigger the core elements of your workflow.**\n\nIt's a simple yet powerful way to secure GET-based workflows. Only use if better methods aren't available."
},
"typeVersion": 1
}
],
"active": false,
"settings": {
"callerPolicy": "workflowsFromSameOwner",
"errorWorkflow": "YEvXt4fjXiqx3zZt",
"executionOrder": "v1",
"executionTimeout": 180,
"timeSavedPerExecution": 1
},
"versionId": "113d46b8-bdd0-4dc7-929e-aaa77a923faa",
"connections": {
"Secret valid?": {
"main": [
[
{
"node": "Do whatever your workflow is supposed to do",
"type": "main",
"index": 0
}
],
[
{
"node": "Validation Failed",
"type": "main",
"index": 0
}
]
]
},
"\"Unprotected\" Webhook": {
"main": [
[
{
"node": "Secret valid?",
"type": "main",
"index": 0
}
]
]
}
}
}
Pro
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
Webhooks are special URLs that instantly trigger workflows when they receive an incoming HTTP request (like GET or POST). They're perfect for connecting external tools to n8n in real time.
Source: https://n8n.io/workflows/9570/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
Auth0 User Login. Uses httpRequest, stopAndError, respondToWebhook, stickyNote. Webhook trigger; 16 nodes.
HTTP Request, Stop And Error
Stopanderror Stickynote. Uses stopAndError, stickyNote. Webhook trigger; 15 nodes.
Stop And Error
TheHive. Uses theHive, signl4, stopAndError. Webhook trigger; 9 nodes.
The Hive, Signl4, Stop And Error
Unique QRcode coupon assignment and validation for Lead Generation system. Uses httpRequest, formTrigger, googleSheets, stickyNote. Webhook trigger; 29 nodes.
HTTP Request, Form Trigger, Google Sheets +1
Line Save File to Google Drive and Log File's URL. Uses googleSheets, googleDrive, httpRequest, stickyNote. Webhook trigger; 27 nodes.
Google Sheets, Google Drive, HTTP Request