The AdminUI webhooks use the admin_ui_webhooks scope for authorization.

To ensure your webhooks are secured against public use, they should check for a bearer token, issued by your IdentityServer installation, that contains this scope.


To allow the AdminUI webhook functionality to request access tokens, a new client must be created within your IdentityServer.

This client should have the following configuration:

  • client_credentials grant type (a machine application within AdminUI)
  • can request the admin_ui_webhooks scope
  • have a client secret

You can then configure AdminUI to use this client configuration by configuring the ClientId and ClientSecret settings within the API.