How do I configure CORS headers for Webhooks triggers?

  • 2 December 2020
  • 3 replies

I’m trying to put a Zapier Webhooks URL in my Marvin ( webhooks settings. I have to do it this way because there are no triggers in the Marvin Zapier app (just actions).

Marvin says regarding webhooks:

To prevent Marvin from being a DOS machine, Webhooks are sent as AJAX requests from the client. That means that your target server needs to configure CORS. If this turns out to be a major inconvenience, this could be improved in the future. Go ahead and file an issue on github if you feel this would be worthwhile.

Which headers are needed?

Access-Control-Allow-Methods: OPTIONS, POST # whichever methods you are using!Access-Control-Allow-Headers: Content-Type,... # whichever you are specifying (+ content type unless using GET)Access-Control-Allow-Origin: # use * if you want to use the desktop or mobile app

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

3 replies

Userlevel 7
Badge +9

Hello! It will be authorisation headers… Based on this data here - You just need to send a POST request with a Bearer token. Have you tried this?


POST /api/test
X-API-Token: XYZ


You just need to send a POST request with a Bearer token. Have you tried this?

It sounds like you are talking about sending data FROM Zapier TO Marvin, but I’m trying to do it the other way around (otherwise I would have just used the Zapier connection that Marvin made).


Something happens in Marvin, and then it needs to call my Zap in Zapier.

Userlevel 7
Badge +8

@Narvey - checking in to see if you were able to square this Zap away. If so, would love to know how!