Webhook Workflow

Why deploy webhook workflow on Render?

A webhook workflow is a pattern where an HTTP endpoint receives external event notifications (webhooks), validates them, and triggers an asynchronous workflow for processing. It solves the problem of handling time-consuming tasks (like updating databases, sending emails, notifying external systems) without blocking the webhook response or requiring you to build custom queue infrastructure.

This template pre-configures a webhook receiver with HMAC-SHA256 signature validation already wired to trigger Render Workflows, so you get secure webhook handling with async processing without setting up queues, workers, or retry logic yourself. One click deploys the complete architecture—just add your API key and workflow slug, and you're ready to receive webhooks that fan out to multi-step workflows with built-in execution history and failure handling. You skip the typical afternoon of configuring signature validation, timestamp checking, and async job infrastructure that payment webhooks require.

Architecture

What you can build

After deploying this template, you'll have a webhook endpoint that securely receives payment notifications (like Stripe's payment.succeeded events), validates their signatures, and hands off processing to a background workflow. The workflow handles updating your order records, emailing receipts, and notifying fulfillment systems—all asynchronously, so your webhook responds immediately without you managing any queue infrastructure. You'll need to manually create the Render Workflow after the initial deploy and connect it via an environment variable.

Key features

• HMAC-SHA256 signature validation: Validates incoming webhook requests using HMAC-SHA256 signatures with constant-time comparison to prevent timing attacks.
• Replay attack protection: Rejects requests with timestamps older than 5 minutes to prevent captured webhook payloads from being replayed.
• Render Workflows integration: Delegates processing to Render Workflows for async execution without blocking webhook responses or managing queue infrastructure.
• Dual language implementations: Includes both TypeScript (Fastify) and Python (FastAPI) implementations with identical functionality and project structure.
• Local development with CLI: Supports full local testing of the webhook-to-workflow pipeline using the Render CLI's local task server on port 8120.

Use cases

• Process simulated Stripe payment webhooks with async order fulfillment and email receipts
• Handle GitHub webhook events to trigger deployment pipelines reliably
• Receive Shopify order notifications and sync inventory across multiple systems
• Validate incoming webhooks from any provider with HMAC signature security

What's included

Prerequisites

• Render API Key: Your Render API key used to trigger workflows from the webhook service.
• Webhook Secret: A secret key used to validate HMAC-SHA256 signatures on incoming webhook requests.
• Workflow Slug: The identifier for the Render Workflow task to trigger when processing payments (format: workflow-name/task-name).

Next steps

1. Open the webhook service URL in your browser — You should see the built-in tester UI where you can generate signed test payloads and send requests
2. Configure the WORKFLOW_SLUG environment variable with your task slug from the workflow's Tasks page (format: workflow-name/process-payment) — The webhook service will restart and connect to your workflow
3. Test the webhook by clicking 'Send' in the tester UI with a sample payment.succeeded event — You should receive a JSON response with status 'processing' and a task_run_id, then see the run appear in your workflow's Tasks > process-payment > Runs page

Resources

• Render Workflows official site