Hello!
I am trying to find a way to authenticate an Webhook request coming from Monday. The webhook is register via the api. So is there a way to know that an incoming Webhook request is indeed a request coming from Monday?
Hello there @sanel,
The endpoint you use for the webhook is chosen by you and no one will be able to access it from outside your account. Having said that, our webhooks do not use authentication methods like some information sent in the headers.
If you feel that this is an issue for you, you can always use our Apps Framework to create your integration in an app there with a custom action that could act as your webhook. There are a number of benefits including more robust authorization/validation.
Let me know if you have any questions 
Cheers,
Matias
Hey Matias,
Thanks for the reply.
That is right that it is chosen by me (the endpoint) however that does not guaranty that a 3th party would not send in a malicious request. So from there i would need a way to know if indeed it was you (Monday) who is doing the request or some malicious user.
If this is not supported i hope that this is something that will be supported in the future.
Hello again @sanel,
As I mentioned webhooks do not have an authentication method.
I will add your vote towards the request to authenticate webhooks.
Having said that, you can workaround this using our Apps Framework to create your integration in an app there with a custom action that could act as your webhook. There are a number of benefits including more robust authorization/validation.
Update – we released this in September! You can now authenticate webhooks created via the API. You’ll need to use a shortLivedToken or generate an app OAuth token for it, but it’s easy 
Hey @dipro,
Is this live? For my webhooks created by the app, I am not getting the authorization header.
Yes! The webhooks must be created via API, using a token belonging to an app (shortLivedToken or OAuth token).
If your webhook satisfies the two above conditions and is still not getting the header, please open a ticket with our support team – Support Form
Hi dipro, how can i create an webhook using the apps token? In the documentation it says i need to create a feature to the app and then get my token but i’m not understanding how to create this feature.
@elisa.bea Follow the steps here:
When you create a feature, you’ll be asked to choose a feature type. Choose “Integration for sentence builder.”
Then I usually use Postman to get an OAuth token to make requests on behalf of the app.
Postman will ask for some OAuth config information (Authorization URL, client ID, client secret, etc). You can find that in your app’s General settings section.
Instructions on how to request a token with Postman: How to request an OAuth token
Hello when i create a feature choosing “integration sentence builder” i don’t need to configurate anything in it? Just need to be created?