I’ve been tasked to setup a Monday to Internal-to-my-company tool setup that can keep matching fields on both side updated when either side is modified. This seems like a pretty simple setup as both Monday and the internal tool have easy to use APIs for updating fields and receiving webhooks when a field changes, or so I thought.
The prototype has used Monday Webhooks, not a Monday app, and does everything I need it to do except that as I get ready to actually host this somewhere I have discovered that Monday outbound webhooks don’t appear to offer any mechanism to validate that they come form Monday.
Once I got past the insanity of this lack of security on the Monday outbound Webhooks I started looking for how I could get information from Monday about various changes that did have some security to them and quickly concluded that Apps and Integrations are the right tool for this job.
This seems like my problem is solved except that I’m not looking to host a service that all teams can just sign up to use, I’m looking to create a fairly simple app that my team can use and other’s can take the helm charts for to deploy their own setup (It’s just me on this so there’s no bandwidth for a full company-wide hosted service) and it seems that Monday Apps are designed to be built once and used by many rather than having each team host their own.
So, long story short, what I’m trying to figure out is the right way forward. My ideal would be to discover that despite hours of pouring over the docs and the request bodies that I’m wrong about webhooks and that they do have some way to confirm they’re from Monday. Failing that, I’m hoping to learn that there’s some way to build a Monday App and Integration as code so I can offer it up to other teams at my company to easily setup their own copy of my backend service and clone of my app so they can easily get setup. Are either of these thing possible with Monday?