I’m having trouble getting webhooks to work properly with my app that’s protected by wwwhisper on Heroku. I have a scheduling service that needs to send POST requests to my endpoint, but they keep getting rejected with 401 errors.
I already upgraded my plan and added the scheduling service’s domain to the whitelist in wwwhisper’s admin panel. The Express server works perfectly when I test it locally, but the webhook calls from the external service keep bouncing back with authentication errors.
Has anyone dealt with this kind of issue before? What am I missing in the configuration? Any help would be appreciated.
Hit this same problem 6 months ago. wwwhisper’s whitelist only works for browsers - API calls get blocked regardless.
Easiest fix: create a /webhook endpoint that skips wwwhisper entirely. Just configure it before the wwwhisper middleware loads.
Better solution: use wwwhisper’s API keys. Generate one in the admin panel and have your scheduler send it in the Authorization header. Way cleaner.
If you can’t change much, check if your scheduler supports custom headers. Some let you add auth tokens that wwwhisper recognizes.
Bottom line: those 401s won’t stop until you either exempt the route or give the service proper credentials.