Hello!
I am trying to find a way to authenticate an Webhook request coming from Monday. The webhook is register via the api. So is there a way to know that an incoming Webhook request is indeed a request coming from Monday?
Hello there @sanel,
The endpoint you use for the webhook is chosen by you and no one will be able to access it from outside your account. Having said that, our webhooks do not use authentication methods like some information sent in the headers.
If you feel that this is an issue for you, you can always use our Apps Framework to create your integration in an app there with a custom action that could act as your webhook. There are a number of benefits including more robust authorization/validation.
Let me know if you have any questions 
Cheers,
Matias
Hey Matias,
Thanks for the reply.
That is right that it is chosen by me (the endpoint) however that does not guaranty that a 3th party would not send in a malicious request. So from there i would need a way to know if indeed it was you (Monday) who is doing the request or some malicious user.
If this is not supported i hope that this is something that will be supported in the future.
Hello again @sanel,
As I mentioned webhooks do not have an authentication method.
I will add your vote towards the request to authenticate webhooks.
Having said that, you can workaround this using our Apps Framework to create your integration in an app there with a custom action that could act as your webhook. There are a number of benefits including more robust authorization/validation.
Update – we released this in September! You can now authenticate webhooks created via the API. You’ll need to use a shortLivedToken or generate an app OAuth token for it, but it’s easy 