Webhooks have no authorization header and can be deleted

Hi,
I have created 2 different apps, that do the same thing.
As part of their workflow, both apps create a few webhooks for the user.
In my first app, the webhooks created can not be deleted or edited by the user, and when I receive the webhook on my endpoint, the received message contains an “Authorization” header with a token.
In my other app, the webhooks created can be edited and deleted, they are not associated to my app, and there’s no “Authorization” header in the received message.
I can’t spot any difference between the 2 apps, so I would appreciate any idea on why this might happen and how to solve this issue. The second app I created doesn’t work because of that.

Thanks,
Assaf

Problem was eventually solved by adding to the app an “empty” integration feature that has no workflows in it. For some reason if the app has no integration feature then the webhooks it creates don’t have authorization header.

If that’s the expected behavior and not a bug on your side, I would add something regarding that requirement in your api reference…

1 Like

Hello there @assaf.zaitlin,

The authorization header will not be there if the webhook was created using a personal token as explained here.

Was that the case by any chance?

Looking forward to hearing from you :smile:

Cheers,
Matias

I can’t believe, this worked for me as well. Monday is seriously missing something in their documentation or having issues with this…

Hello there @Doka,

How are you creating the webhooks? Via API?

If so, which token are you using to authorize your HTTP request and how did you get said token?

Hi Matias.
Yes, I am creating the webhooks through the API by sending the create_webhook mutation.

Also, I am using the OAuth token generated by the OAuth flow on my backend service.

Thank you @Doka!

And if I understand correctly you were already using the OAuth token without having an integration feature to create the webhook and you were not getting the authorization header anyway.

And then you added an integration feature and you started getting said header using the exact same OAuth token.

Is this accurate?

Looking forward to hearing from you!

Cheers,
Matias

That is exactly right.
No other modifications, just added an empty integration to the app.

Thank you for that confirmation @Doka

I will check this with our team and come back to you!

Cheers,
Matias

Hello again everyone!

Matias here!

Our team will work on a fix that will be deployed soon :smile:

The integration feature will not be necessary after said fix!

I will let you know when it is ready.

Cheers,
Matias

Hello everyone!

I was informed by the team that his has been fixed (the issue where an integration feature is needed for the header to be there) :smile:

I will update you about the webhooks editing issue.

Cheers,
Matias

2 Likes