If you create the webhook using a monday app, and have an integration feature in the app, then monday will send a JWT in the authorization header, that is sighed using a secret you would have on your backend.

However, if you create a webhook using the UI as an end user, then no authentication header is sent.

There is no way to send any sort of hash or signature to verify the payload itself.

Interesting, thanks @anon29275264 I will investigate that further.

Thank you @anon29275264 for the reply!