Overview
This node acts as a webhook trigger for WARest (a WhatsApp REST API service), receiving webhook events with signature verification to ensure authenticity. It supports multiple event types such as session status updates, message events, group participant changes, and more. The node verifies incoming requests using shared secrets and optional timestamp freshness checks, then outputs the event data for further workflow processing. It is useful for integrating WARest webhook events into automation workflows, enabling real-time responses to WhatsApp messaging and session events.
Use Case Examples
- Automatically process incoming WhatsApp messages by triggering workflows when a 'message_received' event is received.
- Monitor session status changes to trigger alerts or automated recovery actions.
- Log and analyze group participant changes or message reactions in real-time.
Properties
| Name | Meaning |
|---|---|
| Webhook Path | Relative path that WARest will call to deliver webhook events. |
| Shared Secrets | Comma or newline separated secrets used to verify the webhook signature, allowing secure validation and secret rotation. |
| Include HTTP Headers | Whether to include HTTP headers in the output data. |
| Include Raw Body | Whether to include the unparsed raw JSON string in the output for custom signature checks or logging. |
| Response Mode | Determines the HTTP response sent back to WARest after receiving the webhook event. |
| Static Response JSON | Custom JSON payload to return when using the Static JSON response mode. |
| Response Actions | Optional JSON array of actions to return alongside the acknowledgment. |
| Response Delay (ms) | Optional delay in milliseconds before sending the response to slow down WARest follow-up actions. |
| Disable Signature Verification | Option to disable signature verification, intended only for debugging purposes. |
| Debug Signature Logging | Enable logging of expected vs received signatures when verification fails for debugging. |
| Verify Timestamp Freshness | Reject webhook requests if the timestamp in the header drifts beyond a configured tolerance. |
| Timestamp Tolerance (seconds) | Maximum allowed difference in seconds between the webhook timestamp and current time when verifying freshness. |
Output
JSON
event- Event type repeated in the output payload.sessionId- Session identifier associated with the event.registry- Registry information from the webhook headers.username- Username associated with the webhook event.timestamp- Timestamp of the event from the webhook headers.eventId- Unique identifier for the event.version- Version of the webhook event.ts- Timestamp of the event.sessionid- Session object containing the session ID.
data- Main data payload of the webhook event.metadata- Metadata object containing event details like event name, session ID, registry, username, timestamp, event ID, and version.payload- Full original payload received from the webhook.signatureValid- Boolean indicating if the webhook signature was successfully verified.headers- Optional HTTP headers included if configured.rawBody- Optional raw JSON string of the webhook body included if configured.
Dependencies
- node:crypto
Troubleshooting
- Ensure at least one webhook secret is configured or disable signature verification for debugging; otherwise, the node will throw an error.
- If signature verification fails, the node responds with HTTP 401 Unauthorized and logs debug information if enabled.
- If timestamp freshness verification is enabled and the timestamp is stale, the node responds with HTTP 401 Unauthorized.
- Malformed JSON in 'Static Response JSON' or 'Response Actions' properties will cause a node operation error; ensure valid JSON format.