Verify webhook origin as Monday.com

monday Apps & Developers Feature Requests - API and Apps Framework
, , ,
24

Today is my first day of writing code for your hook system.
I’m here and it’s bad that you didn’t decide to be able to identify, check the data sending service
This is your reputation hole
The worst thing is that you know and do nothing
Sorry for my English

1 Like
25 
POST https://api.monday.com/v2
Authorization: token
Content-Type: application/json

{
  "query": "mutation { create_webhook (board_id: boardId, url: \"urlHook\", event: change_column_value, secret: hookSecret) { id board_id }}"
}

Add fields secret: hookSecret
Please return me field signature (you object) using my hookSecret (jwt example, and …)
You will close this hole with this
Thanks,
Fedor

26

Hello @VlasenkoFedor!

When you talk about a “hook system”. Are you referring to our webhooks?

I am not sure I understand what you need in this case.

27

. Are you referring to our webhooks?
Yes
I added the example code

{
  "query": "mutation { create_webhook (board_id: boardId, url: \"urlHook\", event: change_column_value, secret: hookSecret) { id board_id }}"
}
28

Hello @VlasenkoFedor!

I do not understand what you need from the webhooks exactly.

What would a “hookSecret” be? A token to check the validity of the request?

If so, we do not have that as of today but I can add your vote to it.

Cheers,
Matias

29

“If so, we do not have that as of today but I can add your vote to it.”
That’s what we want

Since we see here the problem of identifying the response of the server

Thanks,
Fedor

30

how to create a webhook via playground and answer the challenge I use botconversa and I don’t know how to answer the challenge

31

Hi @EMANUELMARLON,

You can use the create_webhook mutation to create a webhook in the Playground. Please see this example in Postman for how to create the request in your app, which you’ll need when the webhook is triggered in order to respond to the challenge.

When the webhook is called, we’ll send a request to your app with the challenge. To verify a webhook, your app should respond back with the same challenge.

32

Any update on this? This post is over 2 years old. Is this something that might be available soon?

35

Hello @bte and welcome to the community!

We made these improvements to the webhooks related to apps.

We recommend creating webhooks with app API tokens to get authorization verification headers.

Cheers,
Matias