Webhook authorization header

Hello,

I created an app in the Developer Center, and then created an integration feature using the “quickstart integration - NodeJS” option".

I ran the command provided in my development directory, and it created all the files, etc., it also provided the url for linking.

Now, I set up an automation on my board using this webhook: “when an item is created, send a webhook”. This automation is linked to a route I created.

When I create a new project in my table, it posts the route and runs middleware code that handles the challenge fine. But I am inspecting the headers with these posts, and I cannot find the authorization header. So, the ‘authenticatonMiddleware’ middleware code that came with the template code outputs “Authentication failed: JWT must be provided.”

Likewise, the code in the ‘monday-controlller.js’ is also running into issues because it’s expecting req.session to contain a shortLivedToken.

Could anyone please assist? I am new to Monday development.

Thanks!

hi @dan13l

Welcome to the community. Do I understand correctly that you are handling the challenge response and authorization in the same piece of middleware? If so, take care: the challenge send by the webhook is not signed (all future posts are singed). Something like this should work:

  try {
    let { authorization } = req.headers;
    let { challenge } = req.body;
    //The challenge from the webhook is not signed
    if (challenge) return next();
    if (!authorization && req.query) {
      authorization = req.query.shortLivedToken;
    }
    const { accountId, userId, backToUrl } = jwt.verify(authorization, envVars.signingSecret);
    req.session = { accountId, userId, backToUrl };
    next();
  } catch (err) {
    res.status(401).json({ error: "not authenticated" });
  }```

Only webhooks created with an api mutation that include an api key, session token, or oauth token will be authenticated.

The first time Monday hits the endpoint it will come without an authorization and just a challenge. After that it will include the auth.

const webhookChallenge = (req: Request, res: Response, next: NextFunction) => {
  if (req.body.challenge) {
    return res.status(200).send(req.body);
  }
  next();
};
  '/create-update',
  webhookChallenge,
  authenticationMiddleware,
  handleCreateUpdate
);```