This repository contains two different approaches to identify and manage n8n workflows that have webhook triggers without authentication enabled.
This code was created during a Spanish-language live stream on how to avoid exposing webhook triggers in n8n.
- YouTube: @Prompt_and_Play
- Podcast: Spotify Episode
- Twitter: @Prompt_and_Play
Solution 1 is a pure n8n workflow solution that:
- Lists all workflows with unauthenticated webhook triggers
- Provides an interactive HTML dashboard with dark/light themes
- Includes a secure deactivation workflow that validates before disabling
- Requires no external code or configuration
Best for: Users who prefer a no-code solution within n8n itself.
Solution 2 uses n8n's backend hooks feature to:
- Send notifications when workflows with unauthenticated webhooks are activated
- Optionally deactivate workflows automatically using the shared deactivation workflow
- Enforce security policies at the infrastructure level
Best for: Teams wanting automated enforcement and real-time alerts.
Choose the solution that best fits your needs:
- Solution 1: Import the workflow files into your n8n instance
- Solution 2: Configure your n8n Docker setup with the provided hooks
Each solution folder contains:
- Detailed setup instructions
- Required files and configurations
- Diagrams explaining the flow
Both solutions use a common deactivation workflow that validates and deactivates workflows with unauthenticated webhooks.
View Shared Components
Exposing webhook triggers without authentication can be a security risk. These solutions help you identify and manage such workflows proactively.
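One way to express the check described above, as an added example that is not this repository's workflow or hook code: it scans workflow JSON for active workflows whose Webhook nodes have no authentication. The node type string, the `authentication` and `httpMethod` parameters and their defaults are assumptions about n8n's workflow JSON format, and the sample workflows are constructed.

```javascript
// Added example, not the repository's code.
// Assumed workflow shape: { id, name, active, nodes: [{ name, type, disabled, parameters }] }
const WEBHOOK_TYPE = 'n8n-nodes-base.webhook';

// Treat a Webhook node as unauthenticated when "authentication" is "none"
// or absent (assumption: parameters left at their default are omitted from
// the saved JSON, and the Webhook node's default is "none").
function isUnauthenticatedWebhook(node) {
  if (!node || node.type !== WEBHOOK_TYPE || node.disabled === true) return false;
  const auth = (node.parameters || {}).authentication;
  return auth === undefined || auth === null || auth === '' || auth === 'none';
}

// Return one finding per exposed Webhook node. By default only active
// workflows are reported, since inactive ones expose no production URL.
function findExposedWebhooks(workflows, { activeOnly = true } = {}) {
  const findings = [];
  for (const wf of workflows) {
    if (activeOnly && wf.active !== true) continue;
    for (const node of Array.isArray(wf.nodes) ? wf.nodes : []) {
      if (!isUnauthenticatedWebhook(node)) continue;
      const p = node.parameters || {};
      findings.push({
        workflowId: wf.id,
        workflowName: wf.name,
        node: node.name,
        method: p.httpMethod || 'GET', // assumed default method
        path: p.path || '',
      });
    }
  }
  return findings;
}

// Constructed sample data covering the edge cases above.
const sampleWorkflows = [
  { id: '1', name: 'Orders intake', active: true, nodes: [
    { name: 'Webhook', type: WEBHOOK_TYPE, parameters: { path: 'orders', httpMethod: 'POST' } },
    { name: 'Set', type: 'n8n-nodes-base.set', parameters: {} } ] },
  { id: '2', name: 'CRM sync', active: true, nodes: [
    { name: 'Webhook', type: WEBHOOK_TYPE, parameters: { path: 'crm', authentication: 'headerAuth' } } ] },
  { id: '3', name: 'Draft', active: false, nodes: [
    { name: 'Webhook', type: WEBHOOK_TYPE, parameters: { path: 'draft', authentication: 'none' } } ] },
  { id: '4', name: 'Mixed', active: true, nodes: [
    { name: 'Old hook', type: WEBHOOK_TYPE, disabled: true, parameters: { path: 'old' } },
    { name: 'Open hook', type: WEBHOOK_TYPE, parameters: { path: 'open', authentication: 'none' } } ] },
];

console.table(findExposedWebhooks(sampleWorkflows));
```

Workflow 1 is the case a naive `authentication === 'none'` comparison misses, because the parameter is simply not present.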
Feel free to open issues or submit pull requests with improvements!
MIT