Every API gateway has there own rules. If we allow prefix with token in webhook api, that will help to generelise webhook implementation.
Introduce one config parameter for webhook tokenPrefix, If it’s present add value present in config as prefix with token.
Universal API gateway systems have been proposed and tried quite a few times before, but each time the results caused nothing but inconsistencies. like for instance how different API gateways expect tokens in different formats, i.e…
Authorization: Bearer <token>Authorization: Token <token>X-API-Key: <token>Raw token in query/bodyThe goal was normalization across webhook integrations, by introducing a tokenPrefix it would add flexibility, it would avoid hardcoding "Bearer" which is a common limitation, and it would allow reuse across multiple gateways without custom code for each integration.
Issues that were prolific is that Prefix alone is not enough, some gateways don’t just change the Prefix they change things like the header name (Authorization vs X-API-Key). Placement (header vs query vs body). The idea only handles one dimension of the problem.
Ambiguity in behavior, like say what happens if Prefix already includes a trailing space vs not having one? Or token is already prefixed upstream?? These create subtle bugs in security (or correctness). Blindly concatenating Prefix + token can and will always break auth if malformed in the slightest or at the very least lead to duplicate prefixes (Bearer Bearer token) the solution needs normalization logic, not just concatenation, for example the easy solution presents an issue where naming is too narrow, example tokenPrefix problem there is it assumes all auth is Prefix-based and that’s not universally true, it does solve one common case (Bearer tokens), but it does not generalize webhook auth despite the goal, it will take a slightly broader config structure to prevent future rewrite loops, I don’t see it happening anytime soon, sadly it is a good idea.
Hope it helps.