🍪 Cookie Notice

We use cookies to learn how you interact with our content, and show you relevant content and ads based on your browsing history. You can adjust your settings below. Here's our policy.

Cookie settings
Skip to main content

JoyConf 2026 is back. Content Confidence. Human Connection. Save your spot!

Security Fix: Webhook API Now Aligned with UI Access Controls

We’ve resolved a security issue where the Webhook and Webhook Logs Management API endpoints were not enforcing the same access restrictions already present in the Storyblok UI.

Context: Webhook management in the Storyblok interface has always been restricted to space Admins and Owners — it is not accessible to Editor or Restricted roles. This fix ensures the Management API honors that same intended behavior. Users who could not manage webhooks through the UI should not have been able to do so through the API either.

Who is affected: Space collaborators with Editor or Restricted roles who were accessing webhook endpoints directly via the Management API will now receive an authorization error. Space Admins and Owners are not affected.

What you need to do: If you have scripts or integrations calling the Webhook API using non-admin credentials, update them to use credentials from an Admin or Owner account.

For questions or assistance, don’t hesitate to reach out to our support team.