Adding an authorization header for a webhook?

I’m working on integrating a Mailchimp newsletter subscription option into new user registrations, and have made progress using this plugin from @pfaffman https://github.com/pfaffman/discourse-mailchimp-webhook

The plugin successfully adds a “User Created Event” webhook that appears at /admin/api/web_hooks/new and I worked out from the Mailchimp API to set the Payload URL for the webhook like this (with my actual DC and list ID):
https://[my-dc].api.mailchimp.com/3.0/lists/[my-list-id]/members/

I created a new user and the webhook fired successfully, but got an “API Key Invalid” response from Mailchimp. From reading the code for the build_webhook_headers method it didn’t look like adding the API key to the “Secret” field would work, since that creates an “X-Discourse-Event-Signature” header, though I tried anyhow and still got the same response.

As a test, I manually edited the build_webhook_headers method and inserted the authorization header that the Mailchimp API is expecting, and this worked (I got a success response, and the new member appeared on Mailchimp’s end):

headers['Authorization'] = 'apikey my-key-here'

Obviously editing Discourse directly is not a viable solution, but I’m stuck now on how to get this authorization header into my webhook request. There appears to be a way to augment the body of the request with :after_build_web_hook_body though I haven’t found a similar way for the header.

Any help pointing me in the right direction would be greatly appreciated. Thanks!

1 Like