Based on the knowledge sources, there appears to be an issue with authentication support in OAuth2 webhooks. According to a GitHub issue (#324), OAuth2 actions (webhooks) didn't have authentication support at the time the issue was reported: > "OAuth2 actions should support authentication like we do with Identity actions" The issue specifically mentions that authentication headers were not being added to requests in Hydra hooks: [GitHub Issue: OAuth2 actions don't have authentication support](https://github.com/ory/network/issues/324) Another related GitHub issue (#357) indicates problems with setting the

oauth2/token_hook/url

without

auth

config: [GitHub Issue: Cannot set

oauth2/token_hook/url

without

auth

config](https://github.com/ory/network/issues/357) Your configuration appears to be correct based on the documentation format for API key authentication in webhooks:

hook: web_hook config:   auth:     type: api_key     config:       name: Authorization       value: { API Key value }       in: header # alternatively "cookie"

As described in [Trigger custom logic and integrate with external systems with webhooks](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#request-authentication) The fact that changing AUTH_TYPE yields an error but your webhook is called without the header suggests that while the configuration is being parsed, the authentication implementation might not be working correctly for OAuth2 webhooks specifically. This appears to be a known issue rather than a typo in your configuration. If you need this functionality urgently, you might want to check if there have been any updates to Hydra since these issues were reported or reach out to the Ory community on Slack for the latest status.