June 29, 2026
Great news for developers building integrations with webhooks: sheet webhooks now support custom HTTP headers.
Previously, authenticating webhook payloads meant adding logic on the receiving end to validate callback URL tokens, IP allowlists, or post-receipt signatures. That added friction to the development process. Now you can pass custom headers directly in your webhook configuration, and Smartsheet will include those headers on every callback — just like report webhooks already do.
When you create or update a sheet webhook, include a customHeaders object in your request:
json
{
"name": "My Sheet Webhook",
"callbackUrl": "https://your-service.example.com/hook",
"scope": "sheet",
"scopeObjectId": 123456789,
"events": ["*.*"],
"version": 1,
"customHeaders": {
"X-Webhook-Secret": "your-shared-secret",
"X-Source": "smartsheet"
}
}
Smartsheet will forward those headers on every outbound callback request. Use them to pass API keys, shared secrets, service-specific tokens, or any other authentication mechanism your receiving service expects.
This is a fully backwards-compatible change. If you have existing webhooks, they'll continue to work as-is. No API changes needed on your end — this is purely additive.
If you've been working around the lack of header support with workarounds, now is a great time to refactor your integration to use this cleaner, more secure approach. Learn more.
Environment Availability: Commercial US, Commercial EU, Commercial AU
Plan Availability: Business, Enterprise, Advanced Work Management
Subscription Model Availability: Legacy model and User model