Webhook authentication

Hi there,

Is there a way to authenticate webhooks sent by:

    - url: https://my.company.com

I though of adding a token query param:

    -  https://my.company.com?token=$TOKEN

But my environment variable TOKEN is not being injected.

Is there any way to add headers using environment variables ? How do you guys make sure that no one else but you calls your webhook endpoints ? Is this notify property documented anywhere ?

Thanks a lot, and keep up the great work !

Hi @gempain,

The notify feature has been deprecated and is no longer supported by CircleCI. Do you mind clarifying your use case so I can make a suggestion?

Are you trying to emulate a slack webhook? if so, you can use CircleCI’s Slack Orb. You can also check out CircleCI’s Orb Registry.

@Henna thanks for the response.

I want to notify my server when jobs succeed and when they fail. I need a POST request with a payload with the job ID or pipeline number, and a way to authenticate using a project environment variable. There is a webhook orb which seems unmaintained. It doesn’t provide a token mechanism but I can create my own orb.

My problem with orbs is that you have to call them in every job, and I want something global.

version: 2.1
  webhook: eddiewebb/webhook@volatile
      - image: 'node:12'
      - run: echo "build"
      - webhook/notify:
          endpoint: 'https://my.url'
          token: $TOKEN
      - run: echo "test"
      - webhook/notify:
          endpoint: 'https://my.url'
          token: $TOKEN

Can you clarify how to bind a project environment variable to an orb:

token: <<parameters.TOKEN>>
# or 
token: "<<parameters.TOKEN>>"
# or
token: $TOKEN


I just realized something… webhooks are sent AFTER the build has finished. Unfortunately, orbs are executed as regular jobs, so when the orb performs the HTTP post, the workflow status is still “running”…

Why did you guys decided to no longer support webhooks without providing a viable alternative ?

For issues with orbs, it is best to reach out to the orbs maintainer by creating an issue on GitHub : https://github.com/eddiewebb/circleci-webhook-orb

You can pass in an environment variable using the following syntax: $TOKEN

I found this feature request : Workflow level webhook notifications. Please feel free to vote and comment on it. If the idea gets enough votes and comments, it will be prioritized.