[Heads up] Mandatory Secure URLs for Webhook actions

by: HubSpot Moderator
HubSpot Moderator

What is it?
The “Trigger a Webhook” action in Workflows will soon require secure URLs that use HTTPS. Over time URLs that use HTTP will be phased out from webhook actions.

To learn more about HTTPS, read this blog post.

Why is it important?
Workflow webhook actions send information from the contact profile over the Internet. As such, it’s important to make sure this information is secure and not at risk. Moving to HTTPS URLs ensure all workflow webhook URLs will help keep customer data secure.

How it works?
Starting today, the Workflows tool will not allow creating a new webhook action that does not use an HTTPS address. Existing workflow actions that do not use HTTPS will display an error in the editor. This error prevents the user from activating the workflow until they update the webhook URL to an HTTPS address.

trigger webhook error-1

For the time being, existing webhook actions that use the nonsecure HTTP address will continue to work. However, in ~30 days, webhook actions that still use an HTTP address will be skipped automatically. In the coming weeks, you may receive an in-app notification to a link to help you automatically change all of you existing HTTP webhook actions to HTTPS. 

Since some web services referenced by webhook actions may not support HTTPS, it is important to test that webhook actions will continue to work.

Who gets it?
All customers with access to Workflows.

What language is it in?
This update is available in all languages supported by HubSpot.