Article
Sheet webhooks now support custom headers
June 29, 2026
Sheet webhooks now support custom HTTP headers, making it easier to authenticate webhook payloads securely. When creating or updating a sheet webhook, you can pass a customHeaders object in the request body — Smartsheet will include those headers on every outbound request to your callback URL.
Custom headers are the industry standard for authenticating webhook callbacks. You can use them to pass shared secrets, API keys, or service-specific tokens directly in the header layer, eliminating the need for callback URL obfuscation or post-receipt validation workarounds. This brings sheet webhooks into full parity with the custom header support that was already available on report webhooks.
This is a backwards-compatible addition. Your existing webhooks are unaffected. To start using custom headers, simply include the customHeaders object in your POST /webhooks or PUT /webhooks/{webhookId} requests.
Example:
POST /webhooks
{
"name": "My Sheet Webhook",
"callbackUrl": "https://your-service.example.com/hook",
"scope": "sheet",
"scopeObjectId": 123456789,
"events": ["*.*"],
"version": 1,
"customHeaders": {
"X-Webhook-Secret": "your-shared-secret",
"X-Source": "smartsheet"
}
}
Environment Availability: Commercial US, Commercial EU, Commercial AU
Plan Availability: Business, Enterprise, Advanced Work Management
Subscription Model Availability: Legacy model and User model