Is there a way to retrieve HTTP Headers when using Zapier Webhook triggers? With Catch Hook and Catch Raw Hook triggers the headers doesn't seem to be available in later steps (even using a Code step).
For example with something like:
curl -H 'Content-Type: application/json' \
-H 'x-webhook-signature: abc123!'
POST -d '{"secret": "I am a banana"}'
https://hooks.zapier.com/hooks/catch/123/abc/
How to read the value of x-webhook-signature value in a Zapier in or after a Webhook trigger?
This is especially important for us as the headers contains authentication information without which we cannot verify the authenticity nor the identity of the sender. It's a great security issue.
David here, from the Zapier Platform team.
Sorry to be the bearer of bad news, but this isn't something we currently support in our webhooks app. If the proxy server isn't an option, it might be possible to write a custom CLI app to catch your hooks. It has access to the incoming header and could copy that information into the body. The tricky part of that is that you no longer have the benefit of a single URL to throw hooks at - each zaps broadcasts its url when it's turned on. Success would depend on being able to capture that broadcast somewhere and adjust your data accordingly.
Again, sorry this isn't possible now. Let me know if you've got any other questions!