by erikerikson 396 days ago
Because then the client would need to host token vending infrastructure just to accept a webhook request.

As designed, the webhook receiver only has to implement the one endpoint.

[edit: in addition, bearer tokens are not the only authentication system. By moving authentication onto the webhook holder, the caller now has to satisfy any authentication system and have implementations for all of them. Some authentication systems are manual and thereby introduce friction. By providing the authentication materials themselves, they reduce friction and reduce their implementation to having only one mechanism.]