Smart Home AssistantNewsletter

Home Assistant Webhooks: A Practical Guide

SepehrBy Sepehr· 19/06/2026· 8 min read
Home Assistant Webhooks: A Practical Guide

Home Assistant webhooks let any external service or device trigger a smart home automation instantly — no polling, no persistent connection required. Whether you want an iOS Shortcut to flash your lights when you leave work, a doorbell press to alert your TV, or a weather service to pre-heat your home before a cold snap, webhooks are the glue that binds Home Assistant to the wider internet.

This guide walks through everything you need to know: what webhooks are, how to create a webhook automation in Home Assistant, how to test it with a simple curl command, and five practical examples you can copy today. If you are new to automations in general, read our automations guide first — webhooks are a trigger type that plugs directly into that framework.

What Is a Webhook?

A webhook is simply an HTTP endpoint that waits for an incoming request. When something sends a POST (or PUT) request to that URL, Home Assistant fires the linked automation. Unlike polling — where your hub periodically asks "has anything changed?" — a webhook is event-driven: the external service pushes data to you the moment something happens.

This makes webhooks ideal for:

  • Bridging Home Assistant with cloud services that cannot speak directly to your local network.
  • Receiving data from mobile shortcuts, third-party apps, or custom scripts.
  • Creating lightweight APIs for your smart home without setting up a full REST server.

For a deeper look at the Home Assistant REST API — sending commands out rather than receiving triggers in — see our REST API guide.

Creating a Webhook Automation in Home Assistant

Step 1 — Open Automations. Go to Settings → Automations & Scenes and click Create Automation, then choose Create new automation.

Step 2 — Add a Webhook trigger. Under the Triggers section, click Add Trigger and select Webhook. Home Assistant will generate a unique Webhook ID — a long random string that acts as both the identifier and a secret token. Copy it somewhere safe; you will need it for every request.

Step 3 — Configure allowed methods. By default, the trigger accepts POST and PUT requests. Unless you have a specific reason to allow GET (which exposes the ID in browser history and server logs), leave the defaults as they are.

Step 4 — Set local_only. The Only accessible from the local network toggle is enabled by default. If you want to trigger automations from the open internet — for example, from IFTTT or an iOS Shortcut when you are away from home — you must disable this toggle. Doing so requires either a Nabu Casa subscription or a properly secured reverse proxy with HTTPS.

Step 5 — Add your actions. Below the trigger, add any action: turn on a light, send a notification, run a script. You can reference incoming data using {{ trigger.json.key_name }} for JSON payloads, {{ trigger.data.key_name }} for form-encoded data, or {{ trigger.query.param }} for URL query parameters.

Step 6 — Save. Give the automation a name and save. Your webhook is now live at:

http://<your-ha-ip>:8123/api/webhook/<webhook_id>

Testing Your Webhook with curl

A quick curl command is the fastest way to confirm your webhook works before connecting any external service. Open a terminal on any device on your local network and run:

curl -X POST \
  http://192.168.1.100:8123/api/webhook/YOUR_WEBHOOK_ID \
  -H "Content-Type: application/json" \
  -d '{"source": "test", "value": 42}'

Replace 192.168.1.100 with your Home Assistant IP and YOUR_WEBHOOK_ID with the ID you copied earlier. If the automation fires, you are ready to connect real services. If nothing happens, check the Logbook in Home Assistant — it will show whether the webhook was received but the automation had a condition that blocked it, or whether no request arrived at all.

You can also send a PUT request, which is the method Home Assistant's own documentation recommends as best practice:

curl -X PUT \
  http://192.168.1.100:8123/api/webhook/YOUR_WEBHOOK_ID \
  -H "Content-Type: application/json" \
  -d '{"room": "kitchen", "action": "lights_on"}'

Using Webhooks with iOS Shortcuts

iOS Shortcuts make it trivial to trigger Home Assistant automations from your iPhone without opening any app. Here is how to set one up:

  1. Open Shortcuts on your iPhone and tap the + to create a new shortcut.
  2. Search for and add the Get Contents of URL action.
  3. Set the URL to your full webhook URL. If you are at home, use your local HA IP. If you want it to work away from home, use your Nabu Casa URL (see below) or your external domain.
  4. Set Method to POST.
  5. Under Request Body, choose JSON and add any key/value pairs you want to pass to the automation (e.g. location: office).
  6. Tap done and run the shortcut to test it.

You can then trigger this shortcut from a home screen widget, an NFC tag, or an automation in the Shortcuts app itself — for example, When I leave this location, run shortcut. For push notifications back to your phone from Home Assistant automations, the mobile app guide covers the companion app notification actions.

Webhook Integration with Node-RED

Node-RED is the most flexible way to process webhook payloads before acting on them. The node-red-contrib-home-assistant-websocket package includes a dedicated Webhook node that registers a new endpoint on your Node-RED instance and exposes the received data as a standard Node-RED message object (msg.payload).

A typical flow looks like this:

  1. HTTP In node — listens on a path such as /webhook/doorbell.
  2. Function node — parses msg.payload and builds the Home Assistant service call data.
  3. Call Service node — calls a HA service such as light.turn_on.
  4. HTTP Response node — returns a 200 OK to the caller.

This approach is particularly powerful when you need to transform or filter data — for example, receiving a raw sensor reading and converting it into a HA entity state update. Our full Node-RED guide covers installation and the basics of the HA websocket nodes.

Connecting IFTTT and Make (Formerly Integromat)

Cloud automation platforms like IFTTT and Make can send webhooks to Home Assistant, bridging services that have no native HA integration.

IFTTT

IFTTT's Webhooks service (also called Maker Webhooks) lets any IFTTT applet trigger an HTTP request. To fire a HA webhook from IFTTT:

  1. Create an IFTTT applet with any trigger (e.g. Button widget pressed or Weather Underground: Rain forecast).
  2. For the action, choose Webhooks → Make a web request.
  3. Enter your Nabu Casa or external HA webhook URL, set method to POST, content type to application/json, and a JSON body such as {"source": "ifttt"}.

Note: IFTTT's free tier limits you to three active applets; the Pro tier (around £2.50/month) removes this cap.

Make (Integromat)

Make offers more granular control. Create a scenario with an HTTP module as the final action, pointing at your HA webhook URL. Make supports scheduled runs, data mapping, filters, and error handling — useful if you are processing structured data from another service before pushing it to Home Assistant.

Nabu Casa Remote Access for Webhooks

By default, webhook triggers only accept requests from your local network. To receive webhooks from the internet — from IFTTT, an iOS Shortcut used while away from home, or any other external service — you need one of the following:

  • Nabu Casa Home Assistant Cloud (£6.50/month in the UK): Nabu Casa provides a secure, encrypted tunnel that gives your HA instance a stable public URL at https://<random-id>.ui.nabu.casa. When you disable the local_only toggle on a webhook trigger and have an active Nabu Casa subscription, the cloud routes incoming webhook requests through to your local HA instance automatically. No port forwarding or static IP required.
  • Self-hosted reverse proxy: If you prefer not to use Nabu Casa, you can expose Home Assistant to the internet via a reverse proxy such as Nginx or Caddy, secured with a Let's Encrypt TLS certificate. This requires a static IP or a dynamic DNS service and careful firewall configuration.

Whichever route you choose, always ensure your HA instance uses HTTPS when accepting webhook requests from the internet. Sending the webhook ID (which acts as a secret token) over plain HTTP exposes it to interception.

Security Best Practices

Treat your webhook ID like a password. Anyone who knows the ID can trigger your automation. Home Assistant's official documentation explicitly warns: "Treat a webhook ID like a password: use a unique, non-guessable value." Concretely, this means:

  • Never share your webhook ID publicly — do not post it in forum threads or commit it to a public Git repository.
  • Never reuse IDs from tutorials or documentation. Home Assistant auto-generates a random ID when you create a trigger; use that generated value, not something memorable.
  • Avoid webhooks for destructive or security-critical actions — unlocking a smart lock or opening a garage door via a webhook is risky because there is no per-request authentication beyond the ID itself. Use the Home Assistant REST API with a long-lived access token for those use cases instead.
  • Keep local_only enabled unless you specifically need internet access. Local-only webhooks cannot be triggered from outside your network even if the ID leaks.
  • Rotate webhook IDs periodically — if you ever suspect an ID has been exposed, delete the automation and recreate it with a fresh, auto-generated ID.

Five Practical Webhook Use Cases

1. iOS Shortcut — "I'm leaving work"
An iPhone Shortcut fires when you tap a home screen widget. It sends a POST to your webhook, which triggers a HA automation to set the heating to your preferred evening temperature, turn on the hallway light, and start the kettle smart plug 20 minutes before you typically arrive home.

2. Rain forecast alert
An IFTTT applet monitors your local weather and fires a webhook when rain is forecast within the next two hours. Home Assistant receives it and sends a phone notification reminding you to close the conservatory windows, then turns on a yellow indicator light in your office as a visual reminder.

3. Custom doorbell integration
An IP camera at your front door, running a motion/person detection script, sends a webhook to HA when it detects a visitor. Home Assistant pauses your Sonos speaker, flashes a smart bulb three times, and sends a snapshot to your phone via the companion app.

4. GitHub CI/CD build complete
A GitHub Actions workflow sends a webhook payload to HA after a successful deployment. Home Assistant triggers a brief green flash on your desk lamp — a subtle, distraction-free signal that the build passed without you having to check a screen.

5. Node-RED data pipeline from a sensor
A DIY soil moisture sensor (built on an ESP32 running ESPHome) sends its reading to a Node-RED flow via HTTP. Node-RED normalises the value and forwards it to a HA webhook, which updates a helper entity and triggers a notification if the soil is too dry.

Frequently asked questions

What is a webhook in Home Assistant?
A webhook in Home Assistant is an HTTP endpoint that triggers an automation when it receives an incoming POST or PUT request. The URL takes the form http://your-ha-ip:8123/api/webhook/your_webhook_id. The webhook ID acts as a secret token — anyone who knows it can fire the automation, so treat it like a password.
Can I trigger a Home Assistant webhook from outside my home network?
Yes, but you need to disable the 'local_only' setting on the webhook trigger and expose Home Assistant to the internet. The easiest way is a Nabu Casa Home Assistant Cloud subscription (around £6.50/month), which provides a secure public URL without port forwarding. Alternatively, you can set up a self-hosted reverse proxy with HTTPS. Never use plain HTTP for internet-facing webhooks.
How do I pass data to a Home Assistant webhook?
Send a JSON body with Content-Type: application/json and access values in your automation using {{ trigger.json.key_name }}. For form-encoded data, use {{ trigger.data.key_name }}. For URL query parameters, use {{ trigger.query.param }}. Only JSON and form data payloads are supported for data access within templates.
Why is my Home Assistant webhook not triggering?
Check the Home Assistant Logbook — it shows whether the request arrived but was blocked by a condition, or never arrived. Common causes: the webhook ID is wrong, the request is using the wrong HTTP method (only POST and PUT are allowed by default), the 'local_only' setting is blocking a request from outside your network, or the automation has a condition (such as a time range) that prevented it from running.

Sources

Sources verified 2026-06-19

  1. Home Assistant — Automation Triggers — Webhook
  2. Nabu Casa — Triggering an automation with a webhook trigger
  3. Home Assistant — IFTTT Integration
  4. Unsplash — Network data flow abstract — Conny Schneider
Sepehr

Written by

Sepehr

Head of Engineering with 15+ years of software experience and a decade of hands-on smart home tinkering. I run everything I write about — Home Assistant, Zigbee2MQTT, Frigate, and a full self-hosted homelab. Independent coverage, no brand deals, UK-focused.

LinkedIn →

Related reading