n8n Webhook and API Integration: HTTP Node Guide
n8n webhook API n8n's Webhook Trigger node converts incoming HTTP requests into workflow executions, while the HTTP Request node calls any REST API from within a workflow. Together, these two nodes provide the most flexible way to integrate services that have no native n8n connector.
Webhook and HTTP Node in n8n: The Trigger vs. Request Distinction
The Webhook Trigger node is a URL that n8n exposes to the outside world; incoming HTTP requests to that URL start a workflow. The HTTP Request node sends requests from within the workflow to external services. One captures inbound traffic; the other produces outbound requests.
Understanding the distinction between n8n's two HTTP-focused nodes is the foundation of correct integration architecture. n8n's workflow engine receives events through trigger nodes and processes them through successive nodes. The Webhook Trigger is the most flexible of these triggers: n8n provides a unique URL, and any HTTP request to that URL — GET, POST, PUT, PATCH, or DELETE — executes the workflow immediately.
The HTTP Request node serves a different role. While the workflow is running, it sends a request to any external API you specify and passes the response to subsequent nodes. You can use it to connect to your CRM, ERP, or any SaaS platform. Every service that communicates over HTTP can be integrated into a workflow through this node, regardless of whether n8n has a native connector for it.
| Property | Webhook Trigger Node | HTTP Request Node |
|---|---|---|
| Role | Captures incoming requests (passive listener) | Sends outgoing requests (active caller) |
| Position | Workflow start (trigger) | Anywhere in the middle of a workflow |
| Direction | External to n8n | n8n to external |
| Typical use | Publishing a webhook endpoint | Calling a REST API |
| Authentication | Header auth, Basic Auth, JWT (optional) | API key, OAuth2, header auth, Basic Auth |
Webhook Trigger Setup: URL, HTTP Method, and Authentication
After adding the Webhook Trigger node, n8n provides two URLs: one for testing and one for production. You configure the HTTP method, response mode, and optional authentication directly in the node panel.
When you add a Webhook Trigger node, n8n automatically generates a unique path. You can customize this path — for example, giving it a meaningful name like `/webhook/customer-registration`. n8n shows the test URL (`/webhook-test/...`) and the production URL (`/webhook/...`) separately. The test URL is only active when you run the workflow manually; the production URL is live whenever the workflow is activated.
Leaving the HTTP method as POST is appropriate for most scenarios, but GET, PUT, PATCH, or DELETE are also available. The response mode is a critical decision: 'Immediately' returns 200 OK as soon as the request is received while the workflow continues in the background. 'When Last Node Finishes' waits for the full workflow to complete and returns the final node's output as the response body — this mode is preferred for synchronous API gateway scenarios.
- Path: Optional custom URL path (e.g. /webhook/orders)
- HTTP Method: GET, POST, PUT, PATCH, DELETE, or ANY
- Response Mode: Immediately or When Last Node Finishes
- Response Data: Last Node or No Data
- Authentication: None, Basic Auth, or Header Auth
When authentication is enabled, only requests containing the correct credentials trigger the workflow; unauthenticated requests are rejected with a 401. This protects your webhook endpoint from unauthorized calls and helps meet enterprise security requirements. For a deeper look at enterprise security configuration, refer to the n8n security and corporate governance guide.
Calling Any API with the HTTP Request Node
The HTTP Request node lets you configure URL, HTTP method, headers, query parameters, request body, and authentication in a single interface. You can connect to any internal or external REST API through this node.
The HTTP Request node's configuration panel is essentially a full HTTP client interface. From the Method field you can select GET, POST, PUT, PATCH, DELETE, or HEAD. In the URL field you can enter a static address or build a dynamic URL using n8n expressions from previous node outputs — for example, `https://api.example.com/users/{{ $json.userId }}` fetches a different user profile on each execution.
Headers, query parameters, and the request body are managed in separate tabs. To send a JSON body, select 'JSON' as the Body Type and enter key-value pairs or write a JSON expression directly. Switch to 'Form Data' mode to submit form data. 'Binary' mode is available for file uploads and other binary payloads.
| Parameter | Options / Notes | Typical Use |
|---|---|---|
| Method | GET, POST, PUT, PATCH, DELETE, HEAD | CRUD operations |
| URL | Static or expression-based dynamic | Resource endpoint |
| Headers | Key-value pairs, expression-aware | Content-Type, Accept, custom headers |
| Query Params | Key-value pairs | Filtering, pagination |
| Body Type | JSON, Form Data, Raw, Binary | Sending data |
| Authentication | None, Credential (pre-configured) | API security |
| Timeout | Milliseconds | Long-running API responses |
| Retry On Fail | On/off, number of attempts | Transient error recovery |
Enabling 'Send Query Parameters' and 'Send Headers' reveals additional fields. Because these fields support expressions, you can use dynamic values from previous nodes. For instance, you can iterate over a list of records returned by a database query and make a separate API call for each record — managing throughput with n8n's SplitInBatches node to respect rate limits.
Authentication and Credentials: API Key, OAuth2, Header Auth
n8n stores credentials encrypted and lets you reuse credential objects across multiple workflows. Supported types include API key, Header Auth, Basic Auth, and OAuth2 (both Authorization Code and Client Credentials flows).
In n8n, credentials are stored in a centralized Credentials manager. Each credential is held in an encrypted database and referenced by workflows — it is never embedded directly in a node's configuration. This is both a security and maintenance advantage: when your API key changes, you update it in one place, and every workflow using that key updates automatically.
| Authentication Type | Use Case | n8n Settings |
|---|---|---|
| API Key | Static key passed as header or query param | Key name and value; 'Header' or 'Query' position |
| Header Auth | Authentication via custom header name and value | Header name and value (e.g. X-API-Token) |
| Basic Auth | HTTP Basic with username/password | Username and Password fields |
| OAuth2 (Auth Code) | User-approved access (third-party services) | Client ID, Secret, Auth/Token URL, Scope |
| OAuth2 (Client Credentials) | Server-to-server (M2M) access | Client ID, Secret, Token URL |
OAuth2 support is one of n8n's most powerful features. In the Authorization Code flow, n8n manages the browser-based authorization redirect; when the access token expires, it automatically refreshes using the refresh token. This allows enterprise services built on OAuth2 — such as Google Workspace, Microsoft 365, or Salesforce — to be integrated into workflows without manual token management. For alignment with enterprise security policies, we recommend reviewing the n8n security and governance guide.
When creating a credential, the 'Test Credential' button verifies its validity before saving. This feature catches misconfigurations early and prevents wasted time during workflow testing.
Data Transformation: JSON, Expressions, and the Code Node
To transform API responses into workflow data, use n8n expressions (double-brace syntax) or the Code node (JavaScript or Python). Expressions handle simple field mapping; the Code node handles complex transformation logic.
The JSON response returned by the HTTP Request node is automatically passed to subsequent nodes. n8n's expression engine allows you to access deeply nested JSON structures using dot notation and array indexing — for example, `{{ $json.data.items[0].name }}`. You can read from the current node output with `$json`, access all items with `$items()`, and reference workflow variables with `$vars`.
For complex data transformations, the Code node (formerly the Function node) is the tool of choice. It provides a full JavaScript or Python runtime: filter arrays, reshape objects, convert date formats, or merge data from multiple sources. The Code node is a powerful alternative in every situation where the standard n8n expression engine falls short.
- {{ $json.fieldName }} — read a field from the current item
- {{ $json.nested.object.value }} — access nested JSON
- {{ $items('NodeName')[0].json.field }} — access output of a specific node
- {{ $now.format('YYYY-MM-DD') }} — date/time expressions
- Code node: return items.map(item => ({ json: { id: item.json.id, name: item.json.name } })) — item transformation
When working with large datasets, use SplitInBatches to process data in chunks; make an HTTP Request call per batch to optimize memory use and stay within API rate limits. For intelligent data mapping and AI-assisted transformations, see the n8n AI agent setup guide.
Error Handling and Retries: Retry On Fail and Error Workflows
The 'Retry On Fail' option on the HTTP Request node automatically retries on transient network errors or 5xx responses. For critical workflows, defining a dedicated Error Workflow automates failure notifications and compensating actions.
In production, API integrations inevitably encounter transient errors: network timeouts, rate limiting (429), or temporary server failures (503). n8n provides a 'Retry On Fail' option at the HTTP Request node level. When enabled, you set the maximum number of attempts and the wait time between attempts (in milliseconds). Exponential backoff can be simulated by adding a Wait node between retries.
Beyond node-level error handling, n8n also offers workflow-level error management. You can define an 'Error Workflow' for each workflow; when an unhandled error occurs in the main workflow, this dedicated workflow is triggered automatically. The Error Workflow receives the error message and context via `$execution.error`, enabling you to automate compensating actions such as sending a Slack notification, writing the failed record to a database, or emailing an administrator.
- HTTP Request node > Settings > Retry On Fail: Enabled
- Max Tries: 3–5 (5 for critical integrations)
- Wait Between Tries: 1000–5000 ms (adjust to API rate limits)
- Settings > On Error: Evaluate 'Continue' vs. 'Stop And Error'
- Workflow level: Settings > Error Workflow — link your error handler workflow
- Inside Error Workflow: notification node (Slack, email) + logging node (database or log file)
Rate limit management is especially critical for bulk operations. Exceeding the API's allowed requests per second or minute results in a 429 error. To prevent this, use SplitInBatches to cap batch size and add a Wait node between batches, allowing high-volume data processing scenarios to run safely within API limits.
Practical Example: Custom API Integration Step by Step
To integrate a custom or closed API with n8n: receive data with Webhook Trigger, call the API with HTTP Request node, transform the response with the Code node, and add error handling. This pattern applies to any service without a native connector.
Let's walk through a real-world scenario: an internal ERP system calls an n8n webhook when a new order is created. The workflow captures this event, forwards the order details to an external logistics API, retrieves the tracking number from the response, and sends it to the customer notification system. None of these three services have native n8n connectors — but all communicate over HTTP.
- Webhook Trigger: receives POST request from ERP (order JSON). Path: /webhook/new-order. Authentication: Header Auth (X-ERP-Secret).
- HTTP Request (Logistics API): POST https://api.logistics.example.com/v1/shipments. Body: JSON constructed from ERP order data. Auth: API Key (Header: Authorization: Bearer {{credential}}). Retry On Fail: On, Max 3.
- Code Node: extracts tracking_number and estimated_delivery from logistics API response; combines with customer email address to build notification payload.
- HTTP Request (Notification API): POST https://api.notification.example.com/send. Body: payload from Code node. Auth: Basic Auth.
- Error Workflow: if any step fails, a Slack notification is sent and the failed order ID is logged to the database.
This pattern covers the vast majority of enterprise automation scenarios. For more complex cases — multi-step OAuth2 authorization, asynchronous APIs, hybrid architectures combining webhooks and polling — refer to the enterprise n8n use cases guide. If you want to add AI capabilities to your integrations, the n8n AI agent setup guide offers a comprehensive starting point.
n8n's flexibility makes it possible to include any system that communicates over HTTP — cloud-based SaaS, on-premises legacy systems, or IoT devices — in a workflow. Encrypted credential management, role-based access control, and audit logs ensure enterprise security requirements are met.
Frequently Asked Questions
What is a webhook and how does it work in n8n?
A webhook is a mechanism by which one application sends an HTTP request to another URL when a specific event occurs. In n8n, the Webhook Trigger node provides a URL that listens for these requests; each incoming request automatically starts the workflow.
What does the HTTP Request node do, and which APIs can it work with?
The HTTP Request node sends a request from an n8n workflow to any HTTP/HTTPS endpoint. It works with any service that supports the REST API standard, making it the primary integration method for custom, enterprise, or proprietary APIs that have no native n8n connector.
How is API authentication handled in n8n?
A credential object is created in the Credentials manager, selecting one of the supported types: API key, Header Auth, Basic Auth, or OAuth2. This credential is then selected in the HTTP Request node and applied automatically to all requests; credentials are stored encrypted.
Does n8n support OAuth2? Is token renewal automatic?
Yes, n8n supports OAuth2 Authorization Code and Client Credentials flows. When the access token expires, n8n automatically uses the refresh token to obtain a new one in the background; the workflow continues uninterrupted without any manual intervention.
How do I handle API rate limits in n8n?
Use SplitInBatches to divide bulk requests into chunks, and add a Wait node between batches to stay within the API's allowed rate. The Retry On Fail option on the HTTP Request node automatically retries on 429 errors.
How does error handling work for the HTTP Request node in n8n?
Retry On Fail can be enabled at the node level. At the workflow level, define an Error Workflow to handle uncaught errors — send Slack notifications, log failed records to a database, or trigger compensating actions automatically.
Can I integrate an on-premises or closed API with n8n?
Yes. The HTTP Request node works with any API accessible by URL. In a self-hosted n8n deployment, when n8n is installed on a server with access to the internal network, it can also connect to private APIs behind a VPN or firewall.
Can I use the Webhook and HTTP Request nodes in the same workflow?
Yes, this is a common pattern. The Webhook Trigger receives data from outside, and one or more HTTP Request nodes within the workflow send requests to different APIs. This allows multi-system integrations to be orchestrated in a single workflow.
Conclusion
Together, n8n's Webhook Trigger and HTTP Request nodes make it possible to incorporate any HTTP-based service into a workflow. For custom, enterprise, or proprietary APIs without native connectors, these two nodes provide a flexible and secure integration foundation. Encrypted credential management, OAuth2 support, and automatic token renewal meet enterprise security requirements while boosting developer productivity.
Retry logic, error handling, and Error Workflows make your integrations production-ready. For integration scenarios specific to your industry and to configure n8n infrastructure at enterprise scale, contact the Sora integration team for a complimentary discovery session.