Validate webhook end point calls ? 8base making it Extremely confusing

Hey @sebastian.scholl I have an issue, I have few webhooks created in the 8base, I am getting token from auth0 as well with hosted login/signup, Connected my auth0 with 8base as well, as an authentication provider, For every 8base API call from my react app, I am sending Authorization header (the idToken I received from auth0) to webhooks endpoints, but there is of no use, because 8base have not provided any way to authenticate the call for webhook end points. Can you please suggest something here.
My 8base webhook endpoints are further hitting other API calls to a third party provider. I am not storing anything in 8Base.

Please clear this concept, I have seen other similar threads are unanswered on community.


You should use resolvers for this instead of webhooks.

Resolvers can be called using the authenticated apollo client that the SDK provides. From there you can call external services as well.

Webhooks are mainly used for external incoming communication

Hey @nikhil.kumar - Webhooks are not meant to use Authentication.

If you want to use an Authentication token in a webhook, you can grab it from within the event object.

export default function (event, ctx) {
   const { headers } = event;

If you want to, you can then use/add headers to requests being made from within your function.

export default function (event, ctx) {
   const { headers } = event;

   // Call some service
   await axios.get('/my-endpoint', { 
     headers: { 
       authorization: headers.authorization 

  // Call 8base API
  await ctx.api.gqlRequest(SOME_QUERY, variables, { 
    headers: { authorization:  headers.authorization }
  } )

  // Do stuff

All Webhooks are publicly executable, you need to either pass the headers forward to your subsequent requests or come up with your own strategy for authorizing the request.

The docs highlight this: