Headers in Webhook Block
When sending API requests through a Webhook block in your bot flow, headers play a vital role. They carry additional information that helps third-party systems identify, authorize, and understand your request.
Let’s walk through what headers are, why they’re needed, how to use them, and a few examples to make things easier.
What are Headers?
Headers are key-value pairs that are sent along with your webhook request. Think of them as special instructions or identity cards that travel with your request, telling the receiving system who you are and what kind of data you’re sending.
Here’s how a header looks:
- Key: Authorization
- Value: Bearer your-access-token
Another example:
- Key: Content-Type
- Value: application/json
These headers are not visible to the end user; they work behind the scenes to make the connection secure, clear, and properly formatted.
When do you use Headers?
You’ll typically use headers when:
- The API you’re calling requires authentication (e.g., OAuth or API tokens).
- You need to set the content type for your request (usually JSON).
- You’re working with a service like Zoho, which may need extra details like orgId or portalId.
- You want to safely pass sensitive system-level information that should not appear in the request body or URL.
You can add headers in the “Headers” section of the Webhook block, where you define each key and its corresponding value.
Why are Headers important?
Headers are essential for most API calls because they: (Suggestion: Header can be used to mask sensitive information while sending to a third party service. - need to confirm with dev)
- Authenticate who is sending the request.
- Define what format the request body is in (JSON, XML, etc.).
- Pass extra system-level information (like organization or portal IDs).
- Ensure that the server understands how to handle your request securely.
Without the right headers, many APIs will reject your request or return an error.
Commonly Used Headers
Commonly Used Headers
Here are some headers you’ll often use when calling APIs:
| Header Key | Example Value | Purpose |
| Authorization | Bearer ya29.a0AfH6… | Authenticates the request using an access token |
| Content-Type | application/json | Tells the server the format of the request body |
| orgId | 1234567890 | Identifies the Zoho organization making the call |
| portalId | zylker-support | Used for department-level identification |
You can add up to 20 headers per webhook request, giving you the flexibility to meet any API requirement.
Example Use Case
Let’s say you want your bot to update a support ticket using the Zoho Desk API. You’ll need to send an authenticated PUT request.
Here’s what your headers might look like:
- Authorization: Bearer 1000.abcdeXYZ.your-access-token
- orgId: 123456789
- Content-Type: application/json
These headers ensure that:
- The system knows who you are (Authorization).
- It knows you’re part of a specific Zoho organization (orgId).
- It understands that your request body is formatted in JSON (Content-Type).
Without these headers, Zoho’s servers would not be able to process your request.
Are Headers secure?
Yes, headers are invisible to the end users interacting with your bot. This means you can safely include confidential information like:
- OAuth tokens
- API keys
- Internal organization IDs
However, it’s still important to treat this data carefully:
- Never expose headers in bot messages.
- Store tokens securely and rotate them periodically.
- Use HTTPS endpoints to encrypt all communication.
Benefits of using Headers
- Securely pass authentication credentials
- Ensure your request is formatted correctly
- Communicate additional context to external systems
- Keep sensitive info hidden from users
- Enable access to protected data or APIs
Tips for using Headers
- Always check the API documentation to see which headers are required
- Use “Bearer” before your token if the API expects it (e.g., Bearer abc123token)
- Don’t include unnecessary headers, only what’s needed
- Use test environments first before using headers in live scenarios
- Refresh tokens as needed, especially for OAuth-based systems
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Multipath in Webhook Block
Not every API call ends the same way. When your chatbot interacts with external systems using a Webhook block, you often expect different types of responses. Some API calls are successful, like when the system finds a customer’s data, while others ...Request Timeout in Webhook Block
When your chatbot connects to an external service, it uses a webhook block to send a request to that service’s API. Now imagine the service takes too long to respond. What should your chatbot do? Wait forever? Give up too early? That’s exactly what ...URL Field in Webhook Block
Where it knows to go! You’ll need to enter the exact REST API endpoint of the third-party app you want to interact with in the URL field; whether you’re sending data, fetching it, updating something, or deleting it. Think of this field as the ...Connections in Webhook Block
When you’re working with webhooks in a bot flow, whether you’re retrieving data, updating a record, or triggering a third-party service, you often need to establish a secure connection with an external application. That’s where Connections come into ...Response in Webhook Block
Once your webhook sends a request to an external API, it often receives a response. This is where the Response List in the webhook block becomes incredibly useful. It lets you capture and use the data that comes back from the API, right inside your ...
New to Zoho LandingPage?
Zoho LandingPage Resources