How to offer Monday Integration as code

I’ve been tasked to set up a Monday to Internal-to-my-company tool setup that can keep matching fields on both sides updated when either side is modified. This seems like a pretty simple setup as both Monday and the internal tool have easy-to-use APIs for updating fields and receiving webhooks when a field changes, or so I thought.

The prototype has used Monday Webhooks, not a Monday app, and does everything I need it to do except that as I get ready to actually host this somewhere I have discovered that Monday outbound webhooks don’t appear to offer any mechanism to validate that they come from Monday.

Once I got past the insanity of this lack of security on the Monday outbound Webhooks I started looking for how I could get information from Monday about various changes that did have some security to them and quickly concluded that Apps and Integrations are the right tool for this job.

This seems like my problem is solved except that I’m not looking to host a service that all teams can just sign up to use, I’m looking to create a fairly simple app that my team can use and others can take the helm charts for to deploy their own setup (It’s just me on this so there’s no bandwidth for a full company-wide hosted service) and it seems that Monday Apps are designed to be built once and used by many rather than having each team host their own.

So, long story short, what I’m trying to figure out is the right way forward. My ideal would be to discover that despite hours of poring over the docs and the request bodies that I’m wrong about webhooks and that they do have some way to confirm they’re from Monday. Failing that, I’m hoping to learn that there’s some way to build a Monday App and Integration as code so I can offer it up to other teams at my company to easily set up their own copy of my backend service and clone of my app so they can easily get set up. Are either of these things possible with Monday?

Hello there @devon.henegar,

If you create an app, and then you use an OAuth token or shortLivedToken that comes from that app, to create the webhook via API, then each time the webhook is fired, you will receive in the HTTP request, an “Authorization” header that you can decode using your app’s credentials.

What do you think?
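One way a self-hosted backend could check the “Authorization” header described in the reply above, as an added example (not code from monday.com or from anyone in this thread). It assumes the header carries an HS256-signed JWT keyed with the app's signing secret; the function names and the sample-token helper are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def verify_webhook_auth(header_value, signing_secret, now=None):
    """Return the token's claims if the header verifies, otherwise None."""
    token = (header_value or "").strip()
    if token.startswith("Bearer "):  # assumption: tolerate an optional scheme prefix
        token = token[len("Bearer "):]
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signed = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(signing_secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and (time.time() if now is None else now) >= exp:
        return None
    return claims


def make_sample_token(claims, signing_secret, alg="HS256"):
    """Build a constructed token for local testing only (always HMAC-signed)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    signed = enc({"alg": alg, "typ": "JWT"}) + "." + enc(claims)
    mac = hmac.new(signing_secret.encode(), signed.encode(), hashlib.sha256).digest()
    return signed + "." + base64.urlsafe_b64encode(mac).rstrip(b"=").decode()
```

A webhook handler would respond with 401 whenever `verify_webhook_auth` returns `None`, before acting on the request body.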

Hey Matias, I understand this is an option but it’s really not ideal for this kind of use case. It means that the directions for how other teams will use my code to set up their own instance of this tooling will have to require specifics on how to set up their own Monday App, integrations, and OAuth. This is a terrible user experience if it’s what is required that could be made much much better by either providing an auth option with standard Monday webhook integrations (no app needed) or Monday Apps as code so I could export my App’s setup and another team could create a new app that’s effectively the exact same for their use.

@devon.henegar I believe that an app descriptor is coming to monday apps “soon”, so you’ll be able to describe all the functionality of the app using either a JSON or YAML file.

This will mean that apps are much more portable and can be moved from one account to another without recreating from scratch in the monday.com UI, which is a drag.

Hello there,

Thank you for the feedback!

While I do not have an ETA, what David mentioned might be implemented in the future.