Custom Trigger tutorial wrong?

I was following all the steps in the “Build Custom Triggers” tutorial: https://monday.com/developers/apps/custom-trigger.

I followed all the steps in that tutorial, but in the “Call an action” part, it says to do a POST request to the subscriptionURL that is returned from the subscription for example in my case it would be:

https://api-gw.monday.com/automations/apps-events/[a_number]

However, I am getting a 401 unauthorized on that endpoint. The tutorial does not say to add an authorization header.

If I add an authorization token to the header, the same error shows.

How does that subscription endpoint should be called?

Hey @xap5xap.
AFAIK endpoints should be on your own server where you perform the OAuth process, not on monday.com one.
Or am I missing something?

Hi @rob thanks for replying. The documentation says that you need 2 endpoints: 1 for subscribing and one for unsubscribing.
When the user adds your recipe, it will call your subscript endpoint. With some parameters one of them is the subscriptionUrl. (however, in reality it returns a webhookUrl, I think the documentation is incorrect.)

When something happens in your platform, the documentation says that you have to call that webhookUrl. But, it always returns a 401unauthorized. I am sending the auth other, but it is always returning a 401 unauthorized.

Now, that’s what I understand from the documentation, but I am not sure what I am doing wrong, or if the documentation is wrong, since I am a newbie in monday app dev platform

Hey @xap5xap! Can you share the snippet of code that calls the webhook URL? (please remove any auth tokens or signing secrets).

Would love to see how you’re structuring your request so we can troubleshoot.

Hi @dipro, I am just using postman to test.
In postman I do a POST request to the webhookURL.
The documentation doesn’t say to add an authentication token on that call.
The response says 401 unauthorized

Attached is the postman image

Hey! Let me check with the team and I’ll get back to you.

Hey @xap5xap – you need to add your app’s shared secret to the Authorization header.

This is how you get your app’s shared secret:

Can you try it and let me know if that helps?

Hi @dipro, thanks for replying. Could you please explain more? To the Authorization header do you mean as a key value pair? If so, what is the key name to send the client secret?**

Hi @dipro, can you please help me with this? I am trying to create an app for the challenge, but the custom trigger tutorial doesn’t say anything about sending a secret. Can you guys please update the tutorial? :pray:

1 Like

Hi @xap5xap,

I believe you will need to enter the authorization token in Postman here:


Is this what you’re looking for?

Hi @Helen and @xap5xap,

I believe the type should also be ‘basic auth’ for postman in this case.

Hey everyone, wanted to close the loop on this.

Last week we did indeed find an error in our documentation about custom triggers and fixed it. Specifically, the documentation had the wrong JSON response body and did not include any information about authorization.

Here’s the section we updated, if you’re interested:

1 Like

Hi @dipro, @xap5xap

As Xavier is stating correctly there is another glitch in the documentation as it says that the subscriptionUrl is passed in the subscribe request, it is actually called webhookUrl.

The other question Xavier is asking (an now also from myself :slight_smile:) is where / how to put the client secret in the authorization header. Is that as a key / value pair?

From the last webinair I understand to put the client secret as API key. Unfortunately it still throws a 401

Hey @basdebruin – good catch; I just updated the docs.

For the header, can you make sure you’re using the Signing Secret (not client secret)?

Hi @dipro

That really helps (using the signing secret in stead of client secret). Works on Postman, next step is to figure out how to do this in code.

A little puzzled whether to include the values of the output fields in the body of the request. Aren’t those values passed from the custom trigger?

You should include the output field values in the body of the request. Your request represents the custom trigger being invoked, and the trigger’s output fields will be passed through the recipe to the action, as input fields.

Does that make sense?

Makes sense, I was just wondering what the purpose of the trigger output fields are. Can I only supply values to the action part (from my backend) that are defined in the output fields of the trigger?

The trigger output fields supply data about the actual trigger. If your trigger was invoked when a lead was created in your CRM, you might include data about the lead (lead name, ID, phone number, favourite color).

You can also supply values to the action based on the recipe context and the recipe sentence (like in the quickstart guide).

1 Like

Hi @dipro my question is similar to @basdebruin,
I don’t want to define any output fields for my custom trigger…I want to supply values to the action from my backend without defining, how is that possible any suggestion would be helpful.

Thanks