0

I want to setup a webhook for facebook leads. i.e Every time there is a lead in facebook I should get a webhook on the configured URL. I am able to do this with the help of the documentation https://developers.facebook.com/docs/graph-api/webhooks/getting-started/webhooks-for-leadgen

However there is no mention of configuring authentication in the documentation. All the endpoints on my system are configured with Oauth2(client credentials grant type) authentication. How do I configure this on facebook webhook setup ?
I was hoping that facebook would have a way to configure authUrl, clientId and clientSecret along with the webhook url, but that is not the case.

Am I missing something here or is it not possible to do so?

pvpkiran
  • 25,582
  • 8
  • 87
  • 134
  • 1
    Really not sure what you are asking. The webhook doesn't do any authentication, to validate the request you need to calculate and compare the signature, https://developers.facebook.com/docs/graph-api/webhooks/getting-started#validate-payloads – CBroe Feb 02 '23 at 06:56
  • @CBroe thanks for the reply. I was hoping that there is some way I can configure authentication in addition to payload verification. But there is no option(need) for that I believe. – pvpkiran Feb 03 '23 at 16:16

1 Answers1

1

Yes webhooks typically don't tend to use complex authn/authz . It's usually Signature verification and payload Hash calculation to derive authenticity. Just to be safe - I would also try to whitelist/rate alerts on the source I receive webhooks from.

Mithesh K
  • 26
  • 1