Incoming Webhook without Headers

[DereckSimpatico]

Hello All,

Is it possible to setup so the api key etc can be contained in the body instead of the header? Unfortunately, some platforms like Datto RMM don't have a way to include headers for auth.

[dosubot[bot]]

Hi @DereckSimpatico! I'm Dosu and I’m helping the keep team.

Keep's incoming webhook authentication only supports API keys in HTTP headers (like X-API-KEY) or, for some endpoints, as a query parameter in the URL (e.g., ?api_key=...). There is no support for passing authentication credentials in the request body—the authentication logic does not extract API keys from the body, and all examples and documentation expect the key in headers or the query string [source] [source].

If your platform can't set custom headers, try including the API key as a query parameter in the webhook URL (if the endpoint supports it), like this:
https://your-keep-url/alerts/event/{provider}?api_key=YOUR_API_KEY
This method is documented for some integrations (e.g., Graylog) [source].

There are currently no built-in options or workarounds for authenticating via the request body. If query parameters aren't an option, you may need to use a proxy or middleware that adds the required header before forwarding the request to Keep.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}