The AdminUI webhooks use the
admin_ui_webhooks scope for authorization.
To ensure your webhooks are secured against public use, they should check for a bearer token, issued by your IdentityServer installation, that contains this scope.
To allow the AdminUI webhook functionality to request access tokens, a new client must be created within your IdentityServer.
This client should have the following configuration:
client_credentialsgrant type (a machine application within AdminUI)
- can request the
- have a client secret
You can then configure AdminUI to use this client configuration by configuring the
ClientSecret settings within the API.