Webhook of argo-events supports authentication, however the field is fixed in header. If your callers don’t do that way, you are screwed. Recently days, I was trying to integrate gitee with argo-workflow and argo-events. I hit the wall here. TOKEN="Bearer af3qqs321f2ddwf1e2e67dfda3fs" curl -X POST -H "Authorization: $TOKEN" -d "{your data}" http://xxxxx:12000/example I kept reading the documents for serveral days and the knowledge sinked in, I got the idea that filters maybe can be used for that as a workaround solution.