Hi I have tested the http://shortcut.com/ webhooks on webhook.site and it works fine when I move a card I get an event with JSON payload.
…But when I try to give the Shortcut webhook integration my cursor URL to automate code generation when moving a story card, Cursor just never seems to receive the event. Is there something I am doing wrong?
Hey, thanks for the request. The Cursor webhook endpoint requires an Authorization: Bearer <api-key> header on every incoming request. You can generate it via the Generate auth header button in the Automations dashboard. Without that header, the request gets rejected before the event reaches the automation, so nothing shows up in Cursor.
The issue is that shortcut.com webhooks only support a URL plus an optional secret for an HMAC signature. You can’t set custom HTTP headers there. So a direct Shortcut → Cursor connection won’t work.
A working workaround is to put a thin middleware in between:
Shortcut sends the webhook to your proxy (Cloudflare Worker, AWS Lambda, Zapier, make.com, whatever you prefer).
The proxy forwards the payload to https://api2.cursor.sh/automations/webhook/<id> and adds the Authorization: Bearer crsr_... header.
Cloudflare Worker or Zapier is usually the fastest option for this. Let me know if anything doesn’t work.
Hi Dean, thank you so much for your help here. Yes, I think I reached the same conclusion you have explained. Thanks so much.
In the end, I built my own middleware, hosted on Sevalla that’s passing the webhook through to Cursor from Shortcut triggers. Really cool. Feels like Cursor could do more to help us create more automated workflows. Thanks again nice that people help out on here
Glad it took off, and it’s awesome you shared that you built this on Sevalla. It’ll make it easier for other users with the same use case.
Got your UX feedback on automations. I agree that first-party support for incoming webhooks without middleware would be more convenient. I’ll log it as a signal for the team, but I can’t share an ETA for this feature.
If you hit anything else with automations, or if the Sevalla proxy stops working, come back to the thread.
@hallodom your post is part of what pushed me to build a capture-and-forward-with-auth step into FlurryPORT (a webhook tool I work on, full disclosure), so thanks for the clear writeup of the Shortcut to Cursor header problem. If you ever get tired of hosting the Sevalla proxy yourself, I’d love for you to try it and tell me where it falls short, since your use case basically shaped the feature.
Thanks again nice that people help out on here 