Webhooks have no authorization header and can be deleted

Forum|Forum|1 year ago
July 11, 2024
10 replies
135 views

assaf.zaitlin
New Participant

Hi,
I have created 2 different apps, that do the same thing.
As part of their workflow, both apps create a few webhooks for the user.
In my first app, the webhooks created can not be deleted or edited by the user, and when I receive the webhook on my endpoint, the received message contains an “Authorization” header with a token.
In my other app, the webhooks created can be edited and deleted, they are not associated to my app, and there’s no “Authorization” header in the received message.
I can’t spot any difference between the 2 apps, so I would appreciate any idea on why this might happen and how to solve this issue. The second app I created doesn’t work because of that.

Thanks,
Assaf

assaf.zaitlin
Author
New Participant
Forum|Forum|1 year ago
July 14, 2024

Problem was eventually solved by adding to the app an “empty” integration feature that has no workflows in it. For some reason if the app has no integration feature then the webhooks it creates don’t have authorization header.

If that’s the expected behavior and not a bug on your side, I would add something regarding that requirement in your api reference…

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
July 28, 2024

Hello there @assaf.zaitlin,

The authorization header will not be there if the webhook was created using a personal token as explained here.

Was that the case by any chance?

Looking forward to hearing from you 😀

Cheers,
Matias

Doka
Participating Frequently
Forum|Forum|1 year ago
August 12, 2024

I can’t believe, this worked for me as well. Monday is seriously missing something in their documentation or having issues with this…

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
August 12, 2024

Hello there @Doka,

How are you creating the webhooks? Via API?

If so, which token are you using to authorize your HTTP request and how did you get said token?

Doka
Participating Frequently
Forum|Forum|1 year ago
August 12, 2024

Hi Matias.
Yes, I am creating the webhooks through the API by sending the create_webhook mutation.

Also, I am using the OAuth token generated by the OAuth flow on my backend service.

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
August 13, 2024

Thank you @Doka!

And if I understand correctly you were already using the OAuth token without having an integration feature to create the webhook and you were not getting the authorization header anyway.

And then you added an integration feature and you started getting said header using the exact same OAuth token.

Is this accurate?

Looking forward to hearing from you!

Cheers,
Matias

Doka
Participating Frequently
Forum|Forum|1 year ago
August 13, 2024

That is exactly right.
No other modifications, just added an empty integration to the app.

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
August 13, 2024

Thank you for that confirmation @Doka

I will check this with our team and come back to you!

Cheers,
Matias

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
August 14, 2024

Hello again everyone!

Matias here!

Our team will work on a fix that will be deployed soon 😀

The integration feature will not be necessary after said fix!

I will let you know when it is ready.

Cheers,
Matias

Matias.Monday
monday.com Team Member
Forum|Forum|1 year ago
August 19, 2024

Hello everyone!

I was informed by the team that his has been fixed (the issue where an integration feature is needed for the header to be there) 😀

I will update you about the webhooks editing issue.

Cheers,
Matias

Sign up

Login to monday.com

Scanning file for viruses.

This file cannot be downloaded