Protect incoming Seatable events with a simple gateway that checks each request before anything else runs. It screens every webhook call, so only real messages reach your processing nodes. Ideal for teams that depend on Seatable updates and want a safe entry point.

An HTTP webhook node accepts POST requests and keeps the raw body intact. A crypto step builds an HMAC SHA256 value from that raw body using your shared secret and stores it in a field. A condition then compares this value to the x-seatable-signature header after removing the sha256 prefix. Matching requests branch to your processing path and return 200 OK, while mismatches return 403 Forbidden and stop there. Because verification happens before any data write or API call, you reduce risk and wasted compute. The structure also separates security from business steps, which keeps your flows clear and easy to update.

Set the secret in the HMAC step, choose a webhook path, and attach your own logic to the approved path. Expect fewer false calls, faster audits, and less custom code to maintain. Great for secure row change alerts, sync triggers, or any action that should run only when the signature is valid. You can plug in database writes, notifications, or third party APIs after the check without changing the auth layer.

• Webhook trigger captures POST requests and preserves the raw body for hashing.
• HMAC SHA256 calculation using a shared secret to create a trusted signature.
• Header parsing removes the sha256 prefix from x-seatable-signature before comparison.
• Conditional check routes valid events to processing and invalid events to a 403 response.
• Built in 200 OK and 403 Forbidden responses controlled inside n8n.
• Dedicated handoff node where you attach your own processing steps.

• Block unauthorized webhook calls before they hit your systems
• Cut custom auth work from hours of code to minutes of setup
• Improve data trust by verifying every event signature
• Reduce support time by rejecting bad requests at the edge
• Scale safely as volume grows with a light, stateless check

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Seatable. See the Tools Required section above for links to create accounts with these services.
3. Open the Webhook node. Set a clear path and confirm Response mode is set to use a response node. Copy the production URL for use in Seatable.
4. In the Webhook node options, make sure Raw Body is enabled so the crypto step can hash the exact payload.
5. Open the Calculate sha256 node. Enter your shared secret in the HMAC settings. Confirm the data property name is set to seatable-signature and that it reads binary data from the raw body.
6. In your Seatable admin, create or edit a webhook. Paste the n8n production URL. Set the webhook secret to the same value used in the Calculate sha256 node. Seatable will send x-seatable-signature with a sha256 prefix.
7. Attach your business logic to the approved branch by connecting new nodes after the Add nodes for processing step. Keep the 200 OK node on the success path and the 403 node on the fail path.
8. Run a test from Seatable. Send a sample event and confirm you receive 200 OK and your processing nodes run when the secret matches.
9. Negative test: temporarily change the secret in Seatable or n8n and send another event. You should receive 403 Forbidden and no processing should occur.
10. Troubleshoot common issues: if every call fails, verify the secrets match, confirm Raw Body is on, and check that the header name is x-seatable-signature and includes the sha256 prefix.
11. When tests pass, activate the workflow and update any documentation so teammates know the path and secret storage location.