webflow-webhooks-events
Implement Webflow webhook registration, signature verification, and event handling for form_submission, site_publish, ecomm_new_order, page_created, and more. Use when setting up webhook endpoints, implementing event-driven workflows, or handling Webflow notifications. Trigger with phrases like "webflow webhook", "webflow events", "webflow webhook signature", "handle webflow events", "webflow notifications".
Best use case
webflow-webhooks-events is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implement Webflow webhook registration, signature verification, and event handling for form_submission, site_publish, ecomm_new_order, page_created, and more. Use when setting up webhook endpoints, implementing event-driven workflows, or handling Webflow notifications. Trigger with phrases like "webflow webhook", "webflow events", "webflow webhook signature", "handle webflow events", "webflow notifications".
Teams using webflow-webhooks-events should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/webflow-webhooks-events/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How webflow-webhooks-events Compares
| Feature / Agent | webflow-webhooks-events | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implement Webflow webhook registration, signature verification, and event handling for form_submission, site_publish, ecomm_new_order, page_created, and more. Use when setting up webhook endpoints, implementing event-driven workflows, or handling Webflow notifications. Trigger with phrases like "webflow webhook", "webflow events", "webflow webhook signature", "handle webflow events", "webflow notifications".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Webflow Webhooks & Events
## Overview
Register, verify, and handle Webflow Data API v2 webhooks. Covers all trigger types,
HMAC signature verification, idempotent processing, and event routing patterns.
## Prerequisites
- Webflow API token with `sites:write` scope (for registering webhooks)
- HTTPS endpoint accessible from the internet
- `crypto` module (Node.js built-in)
- Redis or database for idempotency (optional)
## Webhook API Reference
| Operation | Method | Endpoint |
|-----------|--------|----------|
| List webhooks | GET | `/v2/sites/{site_id}/webhooks` |
| Create webhook | POST | `/v2/sites/{site_id}/webhooks` |
| Get webhook | GET | `/v2/webhooks/{webhook_id}` |
| Delete webhook | DELETE | `/v2/webhooks/{webhook_id}` |
**Limits:** Max 75 webhook registrations per `triggerType` per site.
## Supported Trigger Types
| triggerType | Description | Payload |
|-------------|-------------|---------|
| `form_submission` | Form submitted on site | Form data, submitter info |
| `site_publish` | Site published | Site ID, publish domains |
| `page_created` | New page created | Page ID, title, slug |
| `page_metadata_updated` | Page SEO/meta changed | Page ID, updated fields |
| `page_deleted` | Page removed | Page ID |
| `ecomm_new_order` | New ecommerce order | Order details, items, customer |
| `ecomm_order_changed` | Order status updated | Order ID, new status |
| `collection_item_created` | CMS item created | Collection ID, item data |
| `collection_item_changed` | CMS item updated | Collection ID, item data |
| `collection_item_deleted` | CMS item removed | Collection ID, item ID |
| `collection_item_unpublished` | CMS item unpublished | Collection ID, item ID |
## Instructions
### Step 1: Register Webhooks via API
```typescript
import { WebflowClient } from "webflow-api";
const webflow = new WebflowClient({
accessToken: process.env.WEBFLOW_API_TOKEN!,
});
const siteId = process.env.WEBFLOW_SITE_ID!;
const webhookUrl = "https://your-app.com/webhooks/webflow";
async function registerWebhooks() {
const triggerTypes = [
"form_submission",
"site_publish",
"ecomm_new_order",
"collection_item_created",
"collection_item_changed",
];
for (const triggerType of triggerTypes) {
const webhook = await webflow.webhooks.create(siteId, {
triggerType,
url: webhookUrl,
// form_submission supports filtering to a specific form
...(triggerType === "form_submission" && {
filter: { name: "contact-form" }, // Filter by form name
}),
});
console.log(`Registered: ${triggerType} -> ${webhook.id}`);
}
}
// List existing webhooks
async function listWebhooks() {
const { webhooks } = await webflow.webhooks.list(siteId);
for (const wh of webhooks!) {
console.log(`${wh.triggerType}: ${wh.url} (${wh.id})`);
}
}
// Delete a webhook
async function deleteWebhook(webhookId: string) {
await webflow.webhooks.delete(webhookId);
}
```
### Step 2: Webhook Endpoint with Signature Verification
```typescript
import express from "express";
import crypto from "crypto";
const app = express();
// CRITICAL: Use raw body for signature verification
app.post(
"/webhooks/webflow",
express.raw({ type: "application/json" }),
async (req, res) => {
const signature = req.headers["x-webflow-signature"] as string;
const secret = process.env.WEBFLOW_WEBHOOK_SECRET!;
// Verify HMAC-SHA256 signature
if (!verifySignature(req.body, signature, secret)) {
console.error("Webhook signature verification failed");
return res.status(401).json({ error: "Invalid signature" });
}
const event = JSON.parse(req.body.toString());
// Respond immediately — process async
res.status(200).json({ received: true });
// Handle event asynchronously
try {
await handleWebflowEvent(event);
} catch (error) {
console.error("Webhook processing error:", error);
}
}
);
function verifySignature(
rawBody: Buffer,
signature: string,
secret: string
): boolean {
if (!signature || !secret) return false;
const expected = crypto
.createHmac("sha256", secret)
.update(rawBody)
.digest("hex");
try {
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
} catch {
return false; // Length mismatch
}
}
```
### Step 3: Event Router
```typescript
type WebflowTriggerType =
| "form_submission"
| "site_publish"
| "page_created"
| "page_metadata_updated"
| "page_deleted"
| "ecomm_new_order"
| "ecomm_order_changed"
| "collection_item_created"
| "collection_item_changed"
| "collection_item_deleted"
| "collection_item_unpublished";
interface WebflowWebhookEvent {
triggerType: WebflowTriggerType;
payload: Record<string, any>;
site: { id: string; shortName: string };
}
const eventHandlers: Record<WebflowTriggerType, (payload: any) => Promise<void>> = {
form_submission: async (payload) => {
console.log("New form submission:", payload.formData);
// Forward to CRM, send email, etc.
},
site_publish: async (payload) => {
console.log("Site published:", payload.site?.shortName);
// Invalidate cache, notify team, etc.
},
ecomm_new_order: async (payload) => {
console.log("New order:", payload.orderId);
// Create invoice, update inventory, notify fulfillment
},
ecomm_order_changed: async (payload) => {
console.log("Order updated:", payload.orderId, payload.status);
// Update order status in your system
},
page_created: async (payload) => {
console.log("New page:", payload.pageId);
},
page_metadata_updated: async (payload) => {
console.log("Page metadata updated:", payload.pageId);
},
page_deleted: async (payload) => {
console.log("Page deleted:", payload.pageId);
},
collection_item_created: async (payload) => {
console.log("CMS item created:", payload.itemId);
// Sync to external database, index for search, etc.
},
collection_item_changed: async (payload) => {
console.log("CMS item changed:", payload.itemId);
// Update external database
},
collection_item_deleted: async (payload) => {
console.log("CMS item deleted:", payload.itemId);
// Remove from external database
},
collection_item_unpublished: async (payload) => {
console.log("CMS item unpublished:", payload.itemId);
// Remove from public-facing systems
},
};
async function handleWebflowEvent(event: WebflowWebhookEvent): Promise<void> {
const handler = eventHandlers[event.triggerType];
if (!handler) {
console.log(`Unhandled event type: ${event.triggerType}`);
return;
}
await handler(event.payload);
console.log(`Processed: ${event.triggerType}`);
}
```
### Step 4: Idempotent Processing
Prevent duplicate processing with event tracking:
```typescript
import { Redis } from "ioredis";
const redis = new Redis(process.env.REDIS_URL!);
async function processOnce(
eventId: string,
handler: () => Promise<void>
): Promise<boolean> {
// SET NX — only succeeds if key doesn't exist
const acquired = await redis.set(
`webflow:event:${eventId}`,
Date.now().toString(),
"EX", 86400 * 7, // 7-day TTL
"NX"
);
if (!acquired) {
console.log(`Event ${eventId} already processed — skipping`);
return false;
}
try {
await handler();
return true;
} catch (error) {
// Remove key on failure so retry can process
await redis.del(`webflow:event:${eventId}`);
throw error;
}
}
// Usage in webhook handler
app.post("/webhooks/webflow", /* middleware */, async (req, res) => {
res.status(200).json({ received: true });
const event = JSON.parse(req.body.toString());
const eventId = `${event.triggerType}-${Date.now()}`;
await processOnce(eventId, () => handleWebflowEvent(event));
});
```
### Step 5: Testing Webhooks Locally
```bash
# Terminal 1: Start your server
npm run dev
# Terminal 2: Expose via ngrok
ngrok http 3000
# Copy the https:// URL
# Terminal 3: Register test webhook
curl -X POST "https://api.webflow.com/v2/sites/$WEBFLOW_SITE_ID/webhooks" \
-H "Authorization: Bearer $WEBFLOW_API_TOKEN" \
-H "Content-Type: application/json" \
-d "{
\"triggerType\": \"form_submission\",
\"url\": \"https://your-ngrok-url.ngrok.io/webhooks/webflow\"
}"
# Now submit a form on your Webflow site — the webhook will hit your local server
```
## Output
- Webhook registrations for all needed trigger types
- HMAC-SHA256 signature verification on every request
- Type-safe event router handling all Webflow events
- Idempotent processing preventing duplicates
- Local testing workflow with ngrok
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| Signature mismatch | Wrong secret or body parsing | Use `express.raw()`, not `express.json()` |
| Missing events | Webhook URL unreachable | Verify HTTPS endpoint is accessible |
| Duplicate processing | No idempotency check | Add Redis-based deduplication |
| 75 webhook limit | Too many registrations per trigger | Clean up unused webhooks |
| ngrok tunnel expired | Free tier 2-hour limit | Restart ngrok or use paid plan |
## Resources
- [Webhooks Guide](https://developers.webflow.com/data/docs/working-with-webhooks)
- [Webhooks API Reference](https://developers.webflow.com/data/reference/webhooks)
- [Create Webhook](https://developers.webflow.com/data/reference/webhooks/create)
- [Webhook Event Types](https://developers.webflow.com/data/reference/webhooks/events/form-submission)
## Next Steps
For performance optimization, see `webflow-performance-tuning`.Related Skills
workhuman-webhooks-events
Workhuman webhooks events for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman webhooks events".
wispr-webhooks-events
Wispr Flow webhooks events for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr webhooks events".
windsurf-webhooks-events
Build Windsurf extensions and integrate with VS Code extension API events. Use when building custom Windsurf extensions, tracking editor events, or integrating Windsurf with external tools via extension development. Trigger with phrases like "windsurf extension", "windsurf events", "windsurf plugin", "build windsurf extension", "windsurf API".
webflow-upgrade-migration
Analyze, plan, and execute Webflow SDK upgrades (webflow-api v1 to v3) with breaking change detection, API v1-to-v2 migration, and deprecation handling. Trigger with phrases like "upgrade webflow", "webflow migration", "webflow breaking changes", "update webflow SDK", "webflow v1 to v2".
webflow-security-basics
Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".
webflow-sdk-patterns
Apply production-ready Webflow SDK patterns — singleton client, typed error handling, pagination helpers, and raw response access for the webflow-api package. Use when implementing Webflow integrations, refactoring SDK usage, or establishing team coding standards. Trigger with phrases like "webflow SDK patterns", "webflow best practices", "webflow code patterns", "idiomatic webflow", "webflow typescript".
webflow-reference-architecture
Implement Webflow reference architecture — layered project structure, client wrapper, CMS sync service, webhook handlers, and caching layer for production integrations. Trigger with phrases like "webflow architecture", "webflow project structure", "how to organize webflow", "webflow integration design", "webflow best practices".
webflow-rate-limits
Handle Webflow Data API v2 rate limits — per-key limits, Retry-After headers, exponential backoff, request queuing, and bulk endpoint optimization. Use when hitting 429 errors, implementing retry logic, or optimizing API request throughput. Trigger with phrases like "webflow rate limit", "webflow throttling", "webflow 429", "webflow retry", "webflow backoff", "webflow too many requests".
webflow-prod-checklist
Execute Webflow production deployment checklist — token security, rate limit hardening, health checks, circuit breakers, gradual rollout, and rollback procedures. Use when deploying Webflow integrations to production or preparing for launch. Trigger with phrases like "webflow production", "deploy webflow", "webflow go-live", "webflow launch checklist", "webflow production ready".
webflow-performance-tuning
Optimize Webflow API performance with response caching, bulk endpoint batching, CDN-cached live item reads, pagination optimization, and connection pooling. Use when experiencing slow API responses or optimizing request throughput. Trigger with phrases like "webflow performance", "optimize webflow", "webflow latency", "webflow caching", "webflow slow", "webflow batch".
webflow-observability
Set up observability for Webflow integrations — Prometheus metrics for API calls, OpenTelemetry tracing, structured logging with pino, Grafana dashboards, and alerting for rate limits, errors, and latency. Trigger with phrases like "webflow monitoring", "webflow metrics", "webflow observability", "monitor webflow", "webflow alerts", "webflow tracing".
webflow-multi-env-setup
Configure Webflow across development, staging, and production environments with per-environment API tokens, site IDs, and secret management via Vault/AWS/GCP. Trigger with phrases like "webflow environments", "webflow staging", "webflow dev prod", "webflow environment setup", "webflow config by env".