OAuth

For this type of authentication, where a fixed token is not available, Monkey will make calls to your Authorization Server for each webhook to be sent. The flow is as follows:

1. Monkey will make a POST request to your Authorization Server URL, transmitting the data configured during the webhook creation: client_id, client_secret, and custom_parameters.

   Use custom_parameters when it is necessary to configure grant_type, scope, and others.

2. Monkey expects a return payload containing the access_token and token_type data. An example of the expected JSON is:

   JSON

   {
      "access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJnZzZ0VlB3",
      "token_type":"Bearer"
   }
   

   Any other value returned in the payload will be ignored. If token_type is not returned, we will default to the Bearer type.

3. Monkey will call the webhook API, sending the Authorization header or the value defined in the Authorization Token field. The token returned from the call to the Authorization Server and the token type returned by the Authorization Server will be sent as values in this header. See an example:

   Example Header:

   HTTP

   Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJnZzZ0VlB3
   

   If the token type is not explicitly returned by the Authorization Server, we will default to the Bearer type.

Configuration

To configure a webhook, go to Settings -> Webhooks -> Configure, select the OAuth Webhook option, and fill in all the required information..

Fill in your information as shown in the example below: