Hello @sp-keyzy!

Welcome to the community, we hope you like it here 🚀

You are correct in that webhooks do not provide the benefits that come with the authorization header included in custom actions.

However, our servers will send a "challenge’ to your URL to verify that you control the endpoint you provide. Our platform checks this by sending a JSON challenge to your endpoint, and your app should respond back with the same challenge.

We will send a JSON POST body, containing a “challenge” field. This is a randomly generated token that we expect you to return as a “challenge” field of your response JSON body to that request.

Here is what the “Challenge” will look like:

{

 "challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P"

}

The response body should be an identical JSON POST body:

{

 "challenge": "3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P"

}

Here is a simple example in JavaScript of a webhook listener that will print the output of the webhook and respond correctly to the challenge:

app.post("/", function(req, res) {  console.log(JSON.stringify(req.body, 0, 2));    res.status(200).send(req.body);})

The problem with challenge is that I get it only when I register the webhook, not when it triggers

Is there a way to do an official feature request to get some sort of authentication available to webhooks?