Search code examples
facebookfacebook-webhooks

Facebook lead ad webhook how to set authentication


I want to setup a webhook for facebook leads. i.e Every time there is a lead in facebook I should get a webhook on the configured URL. I am able to do this with the help of the documentation https://developers.facebook.com/docs/graph-api/webhooks/getting-started/webhooks-for-leadgen

However there is no mention of configuring authentication in the documentation. All the endpoints on my system are configured with Oauth2(client credentials grant type) authentication. How do I configure this on facebook webhook setup ?
I was hoping that facebook would have a way to configure authUrl, clientId and clientSecret along with the webhook url, but that is not the case.

Am I missing something here or is it not possible to do so?


Solution

  • Yes webhooks typically don't tend to use complex authn/authz . It's usually Signature verification and payload Hash calculation to derive authenticity. Just to be safe - I would also try to whitelist/rate alerts on the source I receive webhooks from.