Webhooks have no authorization header and can be deleted

I have created 2 different apps, that do the same thing.
As part of their workflow, both apps create a few webhooks for the user.
In my first app, the webhooks created can not be deleted or edited by the user, and when I receive the webhook on my endpoint, the received message contains an “Authorization” header with a token.
In my other app, the webhooks created can be edited and deleted, they are not associated to my app, and there’s no “Authorization” header in the received message.
I can’t spot any difference between the 2 apps, so I would appreciate any idea on why this might happen and how to solve this issue. The second app I created doesn’t work because of that.


Problem was eventually solved by adding to the app an “empty” integration feature that has no workflows in it. For some reason if the app has no integration feature then the webhooks it creates don’t have authorization header.

If that’s the expected behavior and not a bug on your side, I would add something regarding that requirement in your api reference…