How to authenticate Sync Gateway webhook URL using OAuth

A microservice API which is secured with OAuth2 authentication should be called when a change is detected. For example:

"event_handlers": {
  "document_changed": [
    {"handler": "webhook",
     "url": "",
     "filter": `function(doc) {
          if (doc.type == "A") {
            return true;
          }
          return false;
        }`
    }
  ]
}

  1. How to get the token?
  2. How to cache the token?
  3. How to modify the Authorization header and authenticate?

The webhook API in Sync Gateway does not support calling services that require OAuth2 authentication.

Typically, servers that receive webhook events are stateless, and do one or more of the following to authenticate incoming webhook requests:

  • HTTP Basic Authentication
  • IP Whitelisting the source(s) of webhook requests
  • Mutual payload signing with a shared secret
  • Mutual TLS authentication

Sync Gateway supports HTTP Basic authentication for the webhooks, but does not do request signing or X.509/Mutual TLS authentication. You could implement IP Whitelisting on your side to further restrict access.

You could write a microservice that does the above basic authentication to receive incoming webhooks, and then negotiates an OAuth2 session with another microservice.
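A sketch of the relay microservice suggested above, added here as an example and not taken from the thread or from Couchbase: it checks the incoming Basic credentials, obtains and caches an OAuth2 token, and sets the Bearer header on the forwarded request. It assumes the downstream token endpoint accepts the client-credentials grant; all function names, parameters and the `send` callback are hypothetical.

```python
# Added example: webhook relay core (names and parameters are hypothetical).
import base64, hmac, json, time, urllib.parse, urllib.request

def check_basic_auth(header, user, password):
    """Verify the Basic credentials on the incoming webhook, in constant time."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        got = base64.b64decode(header[6:], validate=True)
    except ValueError:  # malformed base64
        return False
    return hmac.compare_digest(got, f"{user}:{password}".encode())

def fetch_token(token_url, client_id, client_secret):
    """OAuth2 client-credentials grant (assumed to be what the API accepts)."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(token_url, data=body)
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # expects access_token and expires_in

class TokenCache:
    """Keeps one token in memory and refreshes it shortly before expiry."""
    def __init__(self, fetch, clock=time.monotonic, skew=30):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires:
            data = self._fetch()
            self._token = data["access_token"]
            lifetime = data.get("expires_in", 60)
            self._expires = self._clock() + lifetime - self._skew
        return self._token

def relay(incoming_auth, body, cache, send, user, password):
    """Handle one webhook POST; returns the HTTP status to answer with."""
    if not check_basic_auth(incoming_auth, user, password):
        return 401  # reject before any token is requested or body forwarded
    headers = {"Authorization": "Bearer " + cache.get(),
               "Content-Type": "application/json"}
    return send(headers, body)  # send() performs the POST to the secured API
```

In a real service `cache` would be built once as `TokenCache(lambda: fetch_token(url, client_id, client_secret))` and shared across requests, with `relay` called from the HTTP handler that receives the webhook.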