Workflow Triggers

Triggers determine when and how your workflows execute. Every workflow must have exactly one trigger node that initiates the execution.

Trigger Types

Webhook Trigger

Execute workflows via HTTP requests from external systems.

Use Cases

• GitHub/GitLab webhooks
• Stripe payment notifications
• Zapier integrations
• Custom application events
• Third-party service callbacks

Configuration

Setting	Description
Webhook URL	Auto-generated unique endpoint
HTTP Methods	GET, POST, PUT, PATCH, DELETE
HMAC Verification	Signature-based authentication
Request Validation	JSON schema validation
Headers	Custom header requirements

Security Features

1. HMAC Signature Verification

   • Generate shared secret
   • Validate request signatures
   • Prevent unauthorized access
   • Configurable hash algorithm

2. IP Allowlisting

   • Restrict to specific IP ranges
   • Support CIDR notation
   • Multiple IP addresses

3. Custom Headers

   • Require specific headers
   • API key validation
   • Custom authentication

Example Webhook Request

curl -X POST https://api.strongly.ai/workflows/webhook/abc123 \
  -H "Content-Type: application/json" \
  -H "X-Webhook-Signature: sha256=..." \
  -d '{
    "event": "user.created",
    "user_id": "12345",
    "email": "user@example.com"
  }'

Accessing Webhook Data

// Access request body
{{ trigger.body.user_id }}
{{ trigger.body.email }}

// Access headers
{{ trigger.headers['content-type'] }}

// Access query parameters
{{ trigger.query.source }}

HMAC Verification

Always enable HMAC verification for production webhooks to ensure requests come from trusted sources.

Schedule Trigger

Execute workflows on a time-based schedule.

Use Cases

• Daily reports
• Data synchronization
• Cleanup tasks
• Periodic health checks
• Batch processing jobs

Schedule Types

1. Interval-Based

Run every X minutes:

Interval	Example Use Case
Every 5 minutes	Real-time monitoring
Every 15 minutes	Regular data sync
Every hour	Hourly aggregation
Every 6 hours	Periodic cleanup

2. Daily Execution

Run once per day at a specific time:

Time: 09:00 AM
Timezone: America/New_York
Days: Monday - Friday

3. Cron Expression

Use cron syntax for complex schedules:

# Every weekday at 9 AM
0 9 * * 1-5

# First day of every month at midnight
0 0 1 * *

# Every 30 minutes during business hours
*/30 9-17 * * 1-5

# Quarterly on the 1st at 6 AM
0 6 1 */3 *

Cron Format

┌───────────── minute (0 - 59)
│ ┌───────────── hour (0 - 23)
│ │ ┌───────────── day of month (1 - 31)
│ │ │ ┌───────────── month (1 - 12)
│ │ │ │ ┌───────────── day of week (0 - 6) (Sunday=0)
│ │ │ │ │
* * * * *

Configuration

Setting	Description
Schedule Type	Interval, Daily, or Cron
Timezone	Execution timezone
Start Date	When schedule begins (optional)
End Date	When schedule ends (optional)
Max Concurrent	Limit simultaneous executions

Accessing Schedule Data

// Access execution time
{{ trigger.scheduledTime }}
{{ trigger.actualTime }}

// Check if delayed
{{ trigger.delayed }}

Timezone Awareness

Always specify the correct timezone for scheduled workflows. Server time may differ from your local time.

REST API Trigger

Expose workflows as authenticated API endpoints.

Use Cases

• Internal microservices
• Public APIs
• Mobile app backends
• Third-party integrations
• Synchronous processing

Configuration

Setting	Description
Endpoint Path	Custom URL path (e.g., /api/process)
HTTP Methods	Allowed request methods
Authentication	API key, JWT, OAuth 2.0
Rate Limiting	Requests per minute/hour
Request Schema	JSON schema for validation
Response Schema	Expected response format

Authentication Methods

1. API Key

curl https://api.strongly.ai/api/process \
  -H "X-API-Key: your-api-key" \
  -d '{"data": "value"}'

2. Bearer Token (JWT)

curl https://api.strongly.ai/api/process \
  -H "Authorization: Bearer eyJhbGc..." \
  -d '{"data": "value"}'

3. OAuth 2.0

• Client credentials flow
• Authorization code flow
• Token introspection

Rate Limiting

Configure request limits:

Limit Type	Configuration
Per Minute	Max requests per minute
Per Hour	Max requests per hour
Per Day	Max requests per day
Per User	Limits per API key

Response Handling

Use the API Return destination node to send responses:

{
  "status": "success",
  "data": {{ processedData }},
  "timestamp": {{ execution.timestamp }}
}

HTTP Status Codes

Code	Usage
200	Success
400	Invalid request
401	Unauthorized
429	Rate limit exceeded
500	Workflow error

Example API Request

// POST request
fetch('https://api.strongly.ai/api/process', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': 'your-api-key'
  },
  body: JSON.stringify({
    input: 'data to process'
  })
})
.then(res => res.json())
.then(data => console.log(data))

Form Trigger

Collect user input through web forms.

Use Cases

• Contact forms
• Lead generation
• Survey submissions
• User feedback
• Application forms
• Registration workflows

Configuration

Setting	Description
Form Fields	Field definitions and types
CAPTCHA	reCAPTCHA v2/v3 protection
Validation Rules	Required fields, formats
Success Message	Confirmation text
Redirect URL	Post-submission redirect
Email Notifications	Notify on submission

Field Types

Type	Description	Validation
Text	Single-line text	Max length, pattern
Email	Email address	Email format
Phone	Phone number	Phone format
Number	Numeric input	Min/max value
Textarea	Multi-line text	Max length
Select	Dropdown selection	Allowed values
Checkbox	Boolean value	Required/optional
File	File upload	Type, size limits
Date	Date picker	Date range

Form Example

<!-- Auto-generated form HTML -->
<form action="https://api.strongly.ai/forms/abc123" method="POST">
  <input type="text" name="name" required>
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>

  <!-- reCAPTCHA -->
  <div class="g-recaptcha" data-sitekey="..."></div>

  <button type="submit">Submit</button>
</form>

CAPTCHA Protection

reCAPTCHA v2

• Checkbox challenge
• Image selection
• Invisible mode

reCAPTCHA v3

• Score-based (0.0 - 1.0)
• No user interaction
• Configurable threshold

Validation Rules

{
  "name": {
    "required": true,
    "minLength": 2,
    "maxLength": 100
  },
  "email": {
    "required": true,
    "format": "email"
  },
  "phone": {
    "required": false,
    "pattern": "^\\+?[1-9]\\d{1,14}$"
  }
}

Accessing Form Data

// Access submitted fields
{{ trigger.formData.name }}
{{ trigger.formData.email }}

// Access metadata
{{ trigger.submittedAt }}
{{ trigger.userAgent }}
{{ trigger.ipAddress }}

Embedded Forms

Embed forms in your website:

<!-- IFrame embed -->
<iframe
  src="https://api.strongly.ai/forms/abc123/embed"
  width="100%"
  height="600"
  frameborder="0">
</iframe>

Form Spam Protection

Always enable CAPTCHA for public forms to prevent spam submissions. Use reCAPTCHA v3 for invisible protection.

Trigger Best Practices

Security

1. Enable Authentication: Always use HMAC, API keys, or OAuth
2. Validate Input: Use JSON schemas and validation rules
3. Rate Limiting: Prevent abuse with rate limits
4. IP Allowlisting: Restrict access when possible
5. HTTPS Only: Never accept HTTP requests

Performance

1. Timeout Configuration: Set appropriate timeouts
2. Concurrent Limits: Control parallel executions
3. Payload Limits: Restrict request size
4. Async Processing: Return early for long workflows

Monitoring

1. Track Execution Counts: Monitor trigger frequency
2. Alert on Failures: Set up failure notifications
3. Log Requests: Keep audit trail
4. Performance Metrics: Track response times

Testing

1. Test with Sample Data: Verify trigger configuration
2. Check Authentication: Test auth mechanisms
3. Validate Responses: Ensure correct output format
4. Load Testing: Test under expected load

Common Patterns

Webhook + Validation

Webhook Trigger
  → Conditional (Validate signature)
    → [Valid] → Process workflow
    → [Invalid] → API Return (401 error)

Scheduled Batch Processing

Schedule Trigger (Daily at 2 AM)
  → REST API (Fetch records)
  → Loop (Process each record)
  → MongoDB (Update database)
  → Gmail (Send completion report)

API with Rate Limiting

REST API Trigger (Rate: 100/min)
  → Conditional (Check quota)
    → [Under limit] → Process request
    → [Over limit] → API Return (429 error)

Form with Email Notification

Form Trigger
  → Entity Extraction (Parse submission)
  → MongoDB (Store data)
  → Gmail (Send confirmation)
  → API Return (Success message)

Troubleshooting

Webhook Not Triggering

• Verify webhook URL is correct
• Check HMAC signature configuration
• Review IP allowlist settings
• Inspect request logs for errors

Schedule Not Running

• Confirm timezone settings
• Check start/end date configuration
• Verify workflow is deployed and active
• Review execution history for errors

API Returning Errors

• Validate request format
• Check authentication credentials
• Review rate limit settings
• Inspect workflow error logs

Form Submissions Failing

• Test CAPTCHA configuration
• Verify field validation rules
• Check file upload limits
• Review browser console for errors

Next Steps

• Configure workflow nodes
• Test your workflows
• Deploy to production
• See workflow examples