This content has been marked as final. Show 2 replies
I'm a bit stumped as to why the REST API call to list out registered webhooks only returns ones created by the user making the API call?
It means that if a user leaves the company, I'm unable to see/modify/delete their webhooks without going to the database. System administrators might want to see what's set up in the system, and can't.
It feels like an odd restriction to enforce, especially since I can actually plug in numbers into the URL for getting the details of a particular webhook & see the details of ones set up by other users, or issue a DELETE on other user's webhooks without any restrictions;