Webhooks
Use inbound webhooks to trigger Taskade automations from external services, and outbound HTTP requests to call any API from your workflows.
Overview
Webhooks let your Taskade automations communicate with the outside world in both directions:
Inbound webhooks — external services send data into Taskade to trigger automations.
Outbound HTTP requests — automations call out to external APIs as action steps.
Receiving Taskade events — combine a Taskade trigger (e.g. task completed) with an outbound HTTP action to push events to your app.
Two ways to receive Taskade events:
No-code: build an automation with a Taskade trigger plus an HTTP action — see Receiving Taskade Events below.
Programmatic (Beta): subscribe over the public API with
POST /api/v2/subscribeWebhook— see Programmatic Webhook Subscriptions. Available on Pro and above.
Inbound Webhooks
Receive data from any external service to kick off a Taskade automation.
How It Works
Create a webhook trigger in any automation flow.
Taskade generates a unique webhook URL for that trigger.
Configure your external service to POST JSON data to the URL.
The webhook payload becomes available as dynamic data in every subsequent action.
The webhook URL is generated per automation. You'll find it in the trigger configuration panel after selecting the Webhook trigger type.
Payload Structure
Any valid JSON body is accepted. Each field in your payload automatically becomes a dynamic variable you can reference in downstream actions.
Example payload:
All four fields (event, name, email, message) are available as dynamic variables in your automation steps.
Authentication
Webhook URLs are unique and unguessable — each contains a cryptographically random token. For additional security:
Validate incoming payloads in your automation logic (e.g., check for an expected
eventvalue).Rotate the webhook URL if you suspect it has been compromised by deleting and re-creating the trigger.
Treat your webhook URLs like passwords. Do not share them publicly or commit them to source control.
Bearer Token Authentication
For stronger protection on inbound webhook triggers, you can require callers to supply a secret bearer token. When enabled, Taskade rejects any request that does not present a valid token before the automation runs.
Setup:
Open the webhook trigger configuration panel in your automation.
Enable Bearer Token authentication and set a secret token value.
Taskade generates (or lets you enter) a secret — store it securely; it will not be shown again.
Calling the webhook:
Every inbound request must include the token in the Authorization header:
Requests that omit or supply an incorrect token receive a 401 Unauthorized response and are not processed.
Webhook automations are available on Pro and above. Free and Starter plans cannot create webhook triggers or subscriptions. See taskade.com/pricing.
Common Patterns
External form submission
Create a task + notify the team
Stripe payment webhook
Update project status + send confirmation
GitHub CI/CD webhook
Update deployment status in a project
CRM event (HubSpot, etc.)
Sync contact data to a Taskade project
Outbound HTTP Requests
For outbound communication, use the HTTP Request action in any automation to call external APIs.
Configuration
Method
GET, POST, PUT, DELETE
URL
Any valid endpoint
Headers
Custom headers supported (e.g., Authorization, Content-Type)
Body
JSON or form data
Response data from the HTTP request is available as dynamic variables in subsequent automation steps — so you can chain API calls together.
Example: Post to an External API
Method
POST
URL
https://api.example.com/notifications
Headers
Content-Type: application/json
Authorization: Bearer your_api_token_placeholder
Body:
Programmatic Webhook Subscriptions (Beta)
Beta. Subscribing requires Pro or above. Subscriptions are account-level, and task.due is the only event wired end-to-end today — more events are rolling out. The authoritative schema is the live Action API v2 spec.
Subscribe to Taskade events over the public API without building an automation in the UI. This is the surface the official Taskade integrations (Zapier, n8n, Activepieces) build on.
Subscribe — register a target URL for an event:
Returns { "ok": true, "hookId": "..." }. Taskade then POSTs the event payload to targetUrl whenever a matching event fires. Delivery uses an SSRF-guarded fetch, so targetUrl must be https.
Unsubscribe — remove a subscription by its hookId:
Plan
Subscribing requires Pro or above (otherwise 402 PAYMENT_REQUIRED). Unsubscribing is always allowed, so a downgraded account can still clean up.
Scope
Account-level — fires for matching events across your account. Per-project scope is planned.
Events
task.due today. task.assigned, task.completed, project.created and more are rolling out.
Limit
Up to 100 active subscriptions per account.
Receiving Taskade Events
To notify your app when something happens in Taskade (a task is added, a task is completed), build an automation that starts with a Taskade trigger and ends with an Outbound HTTP Request to your endpoint. The trigger's fields are available as dynamic variables in the HTTP body.
Common triggers and their payloads
Task added — fires when a new task is added to a project:
Task completed — fires when a task is marked complete:
Custom field values on the task are included as additional keys. Other triggers (new comment, due date, project completed, schedule) follow the same pattern — see the Action & Trigger Reference.
Rate Limits
Excessive inbound webhook calls may be throttled to protect system stability. If you expect high-volume webhook traffic, consider batching events or adding a queue on the sender side.
Next Steps
Authentication — set up API tokens for outbound requests
MCP Connectors — use native integrations instead of raw webhooks for supported services
Last updated
Was this helpful?