Adding an authorization header for a webhook?

I’m working on integrating a Mailchimp newsletter subscription option into new user registrations, and have made progress using this plugin from @pfaffman https://github.com/pfaffman/discourse-mailchimp-webhook

The plugin successfully adds a “User Created Event” webhook that appears at /admin/api/web_hooks/new and I worked out from the Mailchimp API to set the Payload URL for the webhook like this (with my actual DC and list ID):
https://[my-dc].api.mailchimp.com/3.0/lists/[my-list-id]/members/

I created a new user and the webhook fired successfully, but got an “API Key Invalid” response from Mailchimp. From reading the code for the build_webhook_headers method it didn’t look like adding the API key to the “Secret” field would work, since that creates an “X-Discourse-Event-Signature” header, though I tried anyhow and still got the same response.

As a test, I manually edited the build_webhook_headers method and inserted the authorization header that the Mailchimp API is expecting, and this worked (I got a success response, and the new member appeared on Mailchimp’s end):

headers['Authorization'] = 'apikey my-key-here'

Obviously editing Discourse directly is not a viable solution, but I’m stuck now on how to get this authorization header into my webhook request. There appears to be a way to augment the body of the request with :after_build_web_hook_body though I haven’t found a similar way for the header.

Any help pointing me in the right direction would be greatly appreciated. Thanks!

5 Likes

Wanted to check back in and see if anyone might know a solution to this question… I didn’t manage to figure this out yet. I’ve temporarily resorted to using my plugin to override the build_webhook_headers method from the Jobs::EmitWebHookEvent class, though I’m aware this isn’t an ideal solution.

Thanks in advance!

Hi all,

So setting an Authorization header on my webhook is not possible?

What are webhooks used for then? It feels like 99% of useful webhooks would require this header.

:face_with_raised_eyebrow:

I have a similar requirement where I need to send the new user’s details to a Mailchimp list, and I ran into the same issue as described above. But I have got a solution/workaround for this issue.

Since the Mailchimp API uses HTTP Basic authentication when supplying the API key with your API request, you can also include the key in the URL you’re calling (instead of the more common Authorization header).

So in my case I set the webhook payload URL to:
https://user:[my-api-key]@[my-dc].api.mailchimp.com/3.0/lists/[my-list-id]/members/

And that seems to work fine as the user now gets added to the Mailchimp list successfully.

2 Likes
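As an added example (not code from any poster in this thread or from Discourse), this Ruby sketch shows what the URL workaround above amounts to: an HTTP client that honours URL userinfo sends it as the same Basic `Authorization` header, so the key now lives wherever the payload URL is stored or logged. The sample URL, key, and the helper names `decode_component`, `split_credentials` and `redact_for_logs` are constructed for illustration.

```ruby
require "uri"
require "base64"

# Constructed sample: the key, data centre and list id are placeholders.
SAMPLE_PAYLOAD_URL =
  "https://user:0123456789abcdef-us1@us1.api.mailchimp.com/3.0/lists/abc123/members/"

# Percent-decode one userinfo component ("+" stays literal, unlike form decoding).
def decode_component(str)
  str.to_s.b.gsub(/%\h\h/) { |m| m[1, 2].hex.chr }
end

# Returns [url_without_credentials, authorization_header_or_nil].
# The header is what a client derives from "user:password@" in the URL.
def split_credentials(payload_url)
  uri = URI.parse(payload_url)
  return [payload_url, nil] if uri.userinfo.nil?

  user = decode_component(uri.user)
  password = decode_component(uri.password)
  header = "Basic " + Base64.strict_encode64("#{user}:#{password}")
  [payload_url.sub("//#{uri.userinfo}@", "//"), header]
end

# Form of the payload URL that is safe to write to logs or show in a UI.
def redact_for_logs(payload_url)
  uri = URI.parse(payload_url)
  return payload_url if uri.password.nil?

  payload_url.sub("//#{uri.userinfo}@", "//#{uri.user}:REDACTED@")
end

if __FILE__ == $PROGRAM_NAME
  url, header = split_credentials(SAMPLE_PAYLOAD_URL)
  puts "request URL:   #{url}"
  puts "Authorization: #{header}"
  puts "log form:      #{redact_for_logs(SAMPLE_PAYLOAD_URL)}"
end
```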