Add webhook management to the public API, SDK, and support Machine Identity auth on webhook endpoints #6631
aboutrax
started this conversation in
Feature Request
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
The webhook management endpoints (
/api/v1/webhooks) are fully implemented in thebackend but are currently inaccessible to automation tooling due to two gaps:
AuthMode.JWT(user session) — Machine Identitytokens are not supported
Current behavior
From
webhook-router.ts, every route is gated with:This means the following endpoints exist but cannot be called with a Machine Identity
access token:
POST/api/v1/webhookscreateWebhookGET/api/v1/webhooks?projectId=listWebhooksPATCH/api/v1/webhooks/:webhookIdupdateWebhookDELETE/api/v1/webhooks/:webhookIddeleteWebhookPOST/api/v1/webhooks/:webhookId/testtestWebhookRequested changes
1. Allow Machine Identity auth on webhook endpoints
Update each webhook route to accept
AuthMode.IDENTITY_ACCESS_TOKENalongside JWT:2. Document the endpoints in the public API reference
The
operationIdfields are already defined, so these endpoints are presumablyready to be exposed. They should appear under a Webhooks section in the API
reference, consistent with how Secrets, Folders, and Environments are documented.
3. Add webhook management to the Node SDK
The SDK currently only covers secret fetching. Adding webhook management would
allow tools to register and clean up their own webhooks programmatically without
requiring a user session.
Proposed SDK surface:
Motivation
I built Infibridge, a self-hosted webhook
bridge that syncs Infisical secrets to Convex and Dokploy in real time. Currently,
users must manually register the Infisical webhook in the UI after creating a service
bridge. With Machine Identity auth and SDK support, Infibridge (and similar tools)
could register, verify, and clean up webhooks automatically as part of the service
lifecycle — using the same Machine Identity credentials already configured for secret
fetching.
Willingness to contribute
Happy to submit a PR for the auth change and SDK methods if the Infisical team is
open to it.
Beta Was this translation helpful? Give feedback.
All reactions