How to Connect Your Form to n8n
Route form submissions from any static site into an n8n workflow using ShipMyForm's free webhook connector. Setup, field mapping, and request verification.
The ShipMyForm team
· 4 min read
You have a form on a static site, and you want each submission to actually do something: ping a Slack channel, open a task, enrich the lead, drop a row in a database. That is exactly what n8n is built for. The only missing piece is getting the submission out of your form and into n8n cleanly, without standing up a server to sit in the middle.
ShipMyForm is that piece. It catches the form post (storage, spam filtering, one endpoint), and its webhook connector forwards every submission to your n8n Webhook node as JSON. No serverless function, no polling, no glue code. Here is the whole setup, plus how to map the fields and verify that the requests are really coming from you.
Why ShipMyForm and n8n go together
It is a clean division of labour. ShipMyForm handles the boring, easy-to-get-wrong part of a public form: catching the POST, storing it, and filtering spam before it ever reaches you. n8n handles what happens next: the branching, the API calls, the notifications. Your site stays a static file on a CDN, and neither tool has to know much about the other. They meet at a single webhook URL.
Before you start: n8n has to be reachable
One thing to get right up front. ShipMyForm delivers over the public internet and blocks private and internal addresses as a security measure (so a compromised config cannot be pointed at your internal network). That means:
- n8n Cloud works out of the box.
- Self-hosted n8n on a public domain works.
- n8n on
localhost, a LAN IP, or inside a private network will not receive anything, because ShipMyForm cannot reach it.
Expose it with n8n’s built-in tunnel (n8n start --tunnel) or a
tunnel like cloudflared or ngrok, then use that public URL in the webhook
connector. Swap in your real domain before you go live.
Step 1: create the Webhook node in n8n
- Create a new workflow and add a Webhook node.
- Set the HTTP Method to
POST. - Copy the node’s Production URL (use the Test URL while you are still building the flow).
- Activate the workflow so the production URL goes live.
Leave the node’s authentication set to none for now. We will lock it down with the request signature in step 4, which is the right way to secure this.
Step 2: point ShipMyForm at your n8n URL
In your ShipMyForm dashboard, open the form, go to Connectors, and add the Webhook connector (it is on the free plan). Paste the n8n Webhook URL and save. ShipMyForm generates a signing secret at this point. Keep it handy for step 4.
Your form itself does not change. It is still one line of HTML pointing at your endpoint:
<form action="https://shipmyform.com/f/YOUR_FORM_ID" method="POST">
<input name="email" type="email" required />
<textarea name="message" required></textarea>
<button type="submit">Send</button>
</form>Step 3: send a test and read the shape
Hit Send test in the connector (or just submit the real form). n8n receives a
POST with a body like this:
{
"id": "sub_1a2b3c",
"formId": "frm_XXXXXXXX",
"formName": "Contact form",
"submittedAt": "2026-07-13T10:32:00.000Z",
"status": "ok",
"spamScore": 0,
"data": {
"email": "[email protected]",
"message": "Loved the guide, can we talk?"
}
}Your form fields live under data. The top-level keys are ShipMyForm metadata:
formName, submittedAt, a spamScore, and the submission id.
The n8n Webhook node nests the incoming request under body, so in every node
after it you reference values like this:
{{ $json.body.data.email }}
{{ $json.body.data.message }}
{{ $json.body.formName }}
{{ $json.body.submittedAt }}That is the whole integration. Everything from here is just building the workflow you want in n8n.
Step 4 (recommended): verify the request is really from ShipMyForm
Because your Webhook node is open to the internet, you should confirm each request
is genuine before acting on it. Every ShipMyForm delivery carries an
X-ShipMyForm-Signature header: the string sha256= followed by an
HMAC-SHA256 of the raw request body, keyed with the signing secret from your
webhook connector. Recompute it in a Code node placed right after the Webhook
node and drop anything that does not match:
const crypto = require("crypto");
const secret = "YOUR_WEBHOOK_SECRET"; // from the ShipMyForm connector settings
const raw = JSON.stringify($json.body);
const expected =
"sha256=" + crypto.createHmac("sha256", secret).update(raw).digest("hex");
const received = $json.headers["x-shipmyform-signature"];
if (received !== expected) {
throw new Error("Invalid ShipMyForm signature, dropping request");
}
return items;An HMAC only matches if it is computed over the same raw body ShipMyForm signed. If your check fails even though the secret is right, enable the Webhook node’s raw-body option so n8n hands you the unparsed payload, and hash that instead of a re-serialized object.
What you can build once it is wired up
With submissions flowing into n8n, the workflow is entirely yours. A few common ones:
- Notify a channel the moment a form comes in (Slack, Discord, Telegram).
- Create a task or ticket in Notion, Trello, Asana, or Linear from each message.
- Route by field, for example send sales enquiries to your CRM and support
requests to your help desk, using an
IFnode on adatafield. - Enrich the lead with an API call, then add it to a spreadsheet or CRM.
- Auto-reply to the submitter and log the thread, all in one flow.
Because ShipMyForm also stores every submission, you keep a durable record even if a workflow run fails, so nothing is lost while you iterate on the automation.
Prefer Zapier or Make?
Same idea. ShipMyForm has a dedicated Zapier connector that posts to a Catch Hook, and for Make (or anything else with an inbound webhook) the same Webhook connector you used above works without changes. n8n just happens to be the nicest fit if you want to self-host your automations or keep the data on your own infrastructure.
Next steps
- New here? Start with what a form backend actually is.
- Want the email side too? See how to send an HTML form to your email.
- Read the webhook connector docs for the full payload and header reference.
- Start free, the webhook connector and 100 submissions a month are on every plan, no card required.
Frequently asked questions
- Do I need a paid plan to send form submissions to n8n?
- No. The webhook connector is on the free plan, and that is all you need to reach n8n. You point the webhook at your n8n Webhook node URL and every submission is delivered as JSON.
- Can I use a self-hosted n8n instance?
- Yes, as long as it is reachable on the public internet. ShipMyForm delivers over the public internet and blocks private and internal addresses for security, so an n8n running on localhost or a LAN IP will not receive anything. Use n8n Cloud, a public domain, or expose your local instance with a tunnel while testing.
- How do I reference form fields inside n8n?
- Your form fields arrive under a data object in the JSON body. The n8n Webhook node nests the request body under body, so in later nodes you reference a field as $json.body.data.<fieldname>, for example $json.body.data.email.
- How do I confirm a request really came from ShipMyForm?
- Every delivery includes an X-ShipMyForm-Signature header: the string sha256= followed by an HMAC-SHA256 of the raw request body, keyed with the signing secret from your webhook connector. Recompute it in a Code node and reject anything that does not match.
Related guides
What Is a Form Backend? (And When You Need One)
The plain-language definition, how form endpoints work, and when a hosted backend beats rolling your own.
How to Send an HTML Form to Your Email (Without a Backend)
Why mailto: and PHP mail() let you down on a static site — and the reliable way to get form submissions into your inbox, spam folder avoided.
How to Stop Contact Form Spam Without reCAPTCHA
Honeypots, rate limiting, and Turnstile — layered spam defenses that beat reCAPTCHA without the puzzles.