Historically, I have configured Action Menu Items and or Event with a service key. Then I mutated the service key’s sudo_as_login parameter with the users login. All of this effor was done server side. As a result all updates made by the Action or the Event appear to be performed by the user rather than the service key. Diving into WebHooks, I am wondering if a better solution exists in the header or payload data that provides the already authenticated key from the users session. As a result I could deprecate a service key and secret key administrative work.
It is highly unlikely that we’d forward an authenticated user’s session key as that would be a potential security risk.
Given the payload contains the
login of the username that generated the event via their actions,
sudoing as that user is still the correct way to go about things.