Is there a way to add custom headers to a Rule Webhook call?

Hi there!
Is this workflow accomplishable via application objects instead? Application objects can be configured to send webhooks to an endpoint as well, and you can adjust them such that they can also send metadata to the endpoint as well.

In the meantime I’d warn against using the API key within the path parameters as that, like you mention, can expose your key to malevolent actors.

Please let me know if you have any other questions about this!

Hello Raymond,

I investigated the application objects, but it won’t work for my usecase, unfortunately. The application objects are tied to text references, and what I need goes beyond that.

The fact that we cannot add an API key to the request implies that it needs to be open to the public, which is bad. Even using the Front signature header, it still needs to be a public route. I’m providing an API key because that’s a requirement of an internal proxy that is used to forward the requests.

Do you know of any other way that private URLs can be called via Webhook rules?

Hi ​@p_cora,

You could send an application request instead of an application object. App requests allow you to make any API call of your choosing and control the headers. They can be triggered by rules and dropped in as nodes in the flow builder or as actions.

Would that fit your needs?

Some example screenshots below with Asana

 

Hello Javier,

This one looks promising, I didn’t know about it. However, when configuring the application request I noticed that I’m required to provide a body to my server, and what I need is to send the same data body that is sent when a webhook is triggered. Can it be done?

Besides, I don’t seem to be able to select the app request that I created, since it won’t show up in the “Select app request” drop down

Hey ​@p_cora, understood.

In that case, you should try using application webhooks, which you can add as features directly on your app. Assuming those events will work for you, the advantage over rule webhooks is that you’ll be able to set the webhook to use a server on your developer app. The server can be configured to send API key information as a header.

Let me know if that works for you, or if there is some reason the app webhooks don’t work the way you’ve got rule webhooks working.

P.S.—not relevant to the core issue you’re working on, but in case you work with app requests in the future, I wanted to clarify the issue you encountered.

The app request not showing up in the Action section is actually expected. Actions are the final step in a rule, so a GET request there wouldn't be useful since there's nowhere to return the data. Instead, add it earlier in the flow as its own node by selecting Add app request node (I'd recommend switching to branching rules if you haven't already — they make this much easier). We know this part of the UI can be confusing because you might think your requests are simply missing, so we’re looking to improve it. The very same issue has confused me a couple times!

Any way to call an app request without an action? I tried saving it with no action but it says I need at least one action before saving the rule

Another question: Can I get the conversation status by using dynamic variables? I couldn’t find any way to access it outside of the main payload that is sent via webhook

You should be able to create a dynamic variable that extracts the ticket status, or add a branch by condition node that branches based on the ticket status. Not sure if that’s what you’re referring to.

Rules need to end with an action, but this can be anything like adding or removing a tag, archiving the conversation, posting a comment, etc.

Did application webhooks not meet your needs? If you can trigger the same events, you’d be able to send a webhook payload with authenticated headers directly, so curious if there’s a reason this approach is blocked.