Connect external services like Stripe, Zapier, and Make to your Bubble app by exposing backend workflows as webhook endpoints. This tutorial shows how to enable the Workflow API, create backend workflows that accept incoming data, parse webhook payloads from popular services, and secure your endpoints with API tokens to prevent unauthorized access.
Overview: Linking External Triggers to Backend Workflows
Backend workflows in Bubble can be triggered by external services via HTTP requests, turning your Bubble app into a webhook receiver. This is essential for integrations like Stripe payment confirmations, Zapier automations, and Make scenarios that need to push data into your Bubble app. This tutorial covers the setup from enabling the API to securing your endpoints.
Prerequisites
- A Bubble account with an app
- Basic understanding of backend workflows in Bubble
- An external service that can send webhooks (Stripe, Zapier, Make, or any HTTP-capable tool)
- Understanding of what a webhook is (an HTTP request sent from one service to another when an event occurs)
Step-by-step guide
Enable the Workflow API in Bubble settings
Enable the Workflow API in Bubble settings
Go to Settings → API tab in the left sidebar. Check the box labeled 'Enable Workflow API and backend workflows.' This activates the ability to create server-side workflows that can be called via HTTP. You will also see an API token section — generate a token by clicking 'Generate a new API token.' Copy this token and store it securely. External services will include this token in their requests to authenticate.
Pro tip: Generate separate API tokens for each external service so you can revoke one without affecting others.
Expected result: The Workflow API is enabled and you have an API token for authenticating incoming requests.
Create a backend workflow endpoint
Create a backend workflow endpoint
Go to the Workflow tab, open the pages dropdown at the top, and click 'Backend workflows' at the bottom. Click to add a new API workflow. Name it descriptively (e.g., 'stripe-payment-received' or 'zapier-new-lead'). Check 'Expose as a public API workflow' to make it callable externally. The endpoint URL will be: https://yourapp.bubbleapps.io/api/1.1/wf/workflow-name. Add parameters for the data you expect to receive — for example, for a Stripe webhook: add parameters like event_type (text), payment_id (text), amount (number), customer_email (text).
Expected result: A backend workflow is exposed at a public URL, ready to receive incoming HTTP requests with defined parameters.
Configure the external service to send webhooks
Configure the external service to send webhooks
In your external service (e.g., Stripe, Zapier, or Make), set up a webhook that points to your Bubble backend workflow URL. For Stripe: go to Developers → Webhooks → Add endpoint → paste your URL → select events. For Zapier: use the Webhooks by Zapier action → POST → paste your URL → map fields to your Bubble parameters. For Make: use the HTTP module → Make a request → POST → paste your URL → set the body to JSON with your parameter names as keys. Include the Bubble API token in the request header as Authorization: Bearer YOUR_TOKEN.
1POST https://yourapp.bubbleapps.io/api/1.1/wf/stripe-payment-received23Headers:4 Authorization: Bearer YOUR_BUBBLE_API_TOKEN5 Content-Type: application/json67Body:8{9 "event_type": "checkout.session.completed",10 "payment_id": "pi_3abc123",11 "amount": 2999,12 "customer_email": "buyer@example.com"13}Expected result: The external service is configured to send webhook requests to your Bubble backend workflow URL.
Process the incoming webhook data
Process the incoming webhook data
In your backend workflow, add actions to process the incoming data. For example: Step 1 — Create a new thing (Type: Payment) with fields mapped from the parameters: Payment_ID = payment_id, Amount = amount/100 (convert cents to dollars), Customer_Email = customer_email. Step 2 — Search for the User with matching email and Make changes to update their subscription status. Step 3 — Optionally schedule another API workflow to send a confirmation email. Use 'Only when' conditions on actions for different event types — for example, only process refunds when event_type is 'charge.refunded.'
Expected result: Incoming webhook data is processed and stored in your Bubble database with appropriate actions triggered.
Secure your webhook endpoints
Secure your webhook endpoints
To prevent unauthorized requests, implement these security measures: (1) Require the API token — Bubble automatically rejects requests without a valid token when 'This workflow requires authentication' is checked. (2) Validate the source — for Stripe, verify the webhook signature using the signing secret. (3) Add parameter validation — use 'Only when' conditions to skip processing if required parameters are empty. (4) Log all incoming requests to an AuditLog Data Type with the sender's data, timestamp, and processing result. For high-security integrations with payment or sensitive data, RapidDev can implement advanced webhook validation including signature verification and IP allowlisting.
Expected result: Webhook endpoints are secured with authentication tokens, parameter validation, and request logging.
Complete working example
1EXTERNAL TRIGGERS — WORKFLOW SUMMARY2=====================================34SETUP:5 Settings → API → Enable Workflow API6 Generate API token for authentication78BACKEND WORKFLOW: stripe-payment-received9 Endpoint: /api/1.1/wf/stripe-payment-received10 Exposed: Yes (public API workflow)11 Auth required: Yes12 Parameters: event_type (text), payment_id (text),13 amount (number), customer_email (text)1415 Actions:16 1. Create new Payment record17 - Payment_ID = payment_id18 - Amount = amount / 10019 - Customer_Email = customer_email20 - Received_At = Current date/time21 2. Search for User (email = customer_email)22 Make changes → Subscription_Status = Active23 3. Schedule API workflow: send-confirmation-email24 (Only when event_type is 'checkout.session.completed')2526EXTERNAL SERVICE CONFIGURATION:27 Stripe: Developers → Webhooks → Add endpoint28 Zapier: Webhooks by Zapier → POST action29 Make: HTTP → Make a request → POST3031 All services send to:32 URL: https://yourapp.bubbleapps.io/api/1.1/wf/stripe-payment-received33 Header: Authorization: Bearer <BUBBLE_API_TOKEN>34 Body: JSON with parameter names as keys3536SECURITY:37 - Check 'This workflow requires authentication'38 - Validate required parameters with 'Only when' conditions39 - Log all requests to AuditLog Data Type40 - Use separate API tokens per external serviceCommon mistakes when linkking external triggers to backend workflows in Bubble.io: Step-by-Step Gu
Why it's a problem: Forgetting to check 'Expose as a public API workflow'
How to avoid: Open the backend workflow settings and check 'Expose as a public API workflow' to make it accessible via HTTP.
Why it's a problem: Using the development URL for webhooks instead of the live URL
How to avoid: Use your live app URL (custom domain or appname.bubbleapps.io) for webhook endpoints. Update the URL when deploying.
Why it's a problem: Not deploying the backend workflow before testing
How to avoid: Deploy your app to live (or at least the API portion) before configuring external webhooks.
Best practices
- Generate separate API tokens for each external service for granular access control
- Log all incoming webhook requests to a database table for debugging and audit trails
- Use 'Only when' conditions to handle different event types within the same workflow
- Test webhook endpoints with tools like Postman or Reqbin before configuring the external service
- Deploy backend workflows to live before configuring webhooks in external services
- Add error handling to webhook workflows — create error records if processing fails
- Return a response quickly from the webhook (Bubble does this automatically) to prevent timeout retries from external services
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I need to set up my Bubble.io app to receive webhooks from Stripe when a payment is completed. Can you help me create a backend workflow endpoint, configure the parameters, and process the incoming data?
Create a backend workflow called 'stripe-payment-received' that accepts parameters for event_type, payment_id, amount, and customer_email. When triggered, it should create a Payment record and update the matching user's subscription status.
Frequently asked questions
Can I receive webhooks on Bubble's Free plan?
Yes. Backend workflows and the Workflow API are available on all Bubble plans. However, the Free plan cannot deploy to a custom domain, so your webhook URL will use the bubbleapps.io domain.
How do I debug a webhook that is not firing?
Check: (1) the workflow is deployed to live, (2) 'Expose as a public API workflow' is checked, (3) the URL matches exactly, (4) the API token is correct. Check Server Logs in the Logs tab for incoming request details.
What if the external service retries the webhook?
Most services retry on failure (Stripe retries for up to 3 days). Add idempotency logic: check if a Payment record with the same payment_id already exists before creating a duplicate.
Can I send data back in the webhook response?
Yes. Backend workflows can return data to the caller. Add a 'Return data from API' action at the end of the workflow with the data you want to send back.
How many webhooks can Bubble handle simultaneously?
Bubble processes backend workflows server-side and can handle multiple concurrent requests. However, very high volumes may hit your Workload Unit limits. Monitor usage in Settings → Metrics.
Can RapidDev help set up complex webhook integrations?
Yes. RapidDev can architect multi-service webhook systems with signature verification, retry handling, idempotency, and error recovery for mission-critical integrations.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation