This tutorial does not cover how to expose your Tracecat instance to the public internet.

  • If you’re running Tracecat locally, you’ll need use a tunneling service like ngrok to receive webhook requests from the public internet.
  • If you’re running Tracecat on AWS Fargate, Tracecat is automatically exposed to the public internet via an Application Load Balancer.

What you’ll learn

By the end of this tutorial, you’ll learn how to create two types of workflows:

  • A webhook workflow that receives a JSON string and decodes it using the FN.deserialize_json function.
  • A scheduled workflow that sends a notification to a Slack channel at a regular interval.

Trigger Action

Every Tracecat workflow comes with a single Trigger action. This trigger action cannot be deleted. Click on the Trigger action to activate the webhooks and schedules configuration panel.

Reference data from a webhook

Use the ${{ TRIGGER }} expression context to reference data passed via webhooks. A child workflow also receives input data via ${{ TRIGGER }} context.

Learn more in the child workflows and expressions docs.

Webhook workflow

Webhook URLs are secrets and should not be exposed in public. The webhook URL shown in the UI screenshots are for demonstration only.

Webhooks are disabled by default. To activate a workflow’s webhook, click on the Trigger action, then toggle the webhook on. Events can then be triggered by making a POST request to the webhook URL. Webhook URLs are formatted as:

WEBHOOK_URL=https://<tracecat-public-url>/api/webhooks/<workflow-id>/<webhook-secret>

Some servers require a response after the webhook payload is received. For example, Slack event subscriptions require a 200 response along with a challenge token contained in the webhook payload.

Add the query parameter echo=true to the webhook URL to echo the webhook payload back to the server. By default, we return the workflow context (e.g. execution_id) as the response to the webhook POST request. To return an empty response with status code 200, set the query parameter empty_echo=true.

https://${WEBHOOK_URL}?echo=true

Webhooks currently support the following content types:

  • application/json
  • application/x-ndjson
  • application/www-form-urlencoded
1

Deserialize JSON action

Add the core.transform.reshape action to the workflow. Use the FN.deserialize_json function to decode an incoming JSON string via webhook.

value: ${{ FN.deserialize_json(TRIGGER.payload)}}

2

Save workflow

Save the workflow.

3

Toggle webhook

Click on the Trigger action. Enable the webhook by clicking on the toggle switch. The workflow will now receive webhook events.

4

POST webhook request

Copy the webhook URL to your clipboard, then make a POST request to the webhook URL. For example, using curl:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"payload": "{\"name\": \"John\", \"age\": 30}"}' \
  <webhook-url>
5

View workflow runs

Go to the Runs view and check that the workflow has run successfully. The workflow should have received the webhook payload and deserialized it into a JSON object.

Scheduled workflow

This tutorial requires:

  • A Slack workspace with a Slack app installed into a channel.
  • The Slack app has the chat:write bot token scope.
1

Post notification action

Add the Slack Post notification action to the workflow. Don’t forget to add your Slack bot token as a workspace secret. This secret must be named slack with the key SLACK_BOT_TOKEN.

2

Schedule workflow

Add the Schedule trigger to the workflow.

3

Save workflow

Save the workflow. You can save the workflow before configuring the schedule.

4

Configure schedule

Configure the schedule to run every 60 seconds. Once the schedule is configured, the workflow will run every 60 seconds. The first scheduled workflow starts 60 seconds after the schedule is created.

5

View workflow runs

You can view the workflow runs in the Runs view.

6

Pause or delete schedule

You can pause or delete the schedule by selecting the schedule menu in the Trigger settings panel.