Does the webhook have an authentication mechanism?

I am looking at the integration of webhook, and would like to ask if the http callback of webhook has verification information. I think if my callback url is leaked, because it is open to the Internet, if there is no verification mechanism, there will be some risks. Can anyone help me, thanks

Hello there @ryan1 and welcome to the community!

I hope you like it here :muscle:

What we use for knowing that an endpoint is legitimate is the challenge as explained here.

The endpoint you use for the webhook is chosen by you and no one will be able to access it from outside your account. The challenge ensures that this is a valid endpoint that returns said challenge to monday.

We do not use other types of validations for this.

If you think other people know about your endpoint because you have shared it somehow, you can always change that endpoint :slightly_smiling_face:




If you feel that this is a critical issue for you, I would recommend shifting your integration to use monday’s Apps Framework. There are a number of benefits including more robust authorization/validation. And for this specific use case, it’s not super complex.

Jim - The Monday Man (YouTube Channel)
What is Make & How can it help you?
We Create Custom Solutions
Schedule a 1-on-1 Tutorial Session (for monday, Make & “City or Country?”)


Thanks for your guidance
I want to integrate with monday sales crm, the modifications made by crm are sent to me through webhook, instead of building the app myself, can this be achieved through app framework?


If you are referring to standard monday webhooks, yes.