Skip to content


v2.11 and after

Many clients can send events via the events API endpoint using a standard authorization header. However, for clients that are unable to do so (e.g. because they use signature verification as proof of origin), additional configuration is required.

In the namespace that will receive the event, create access token resources for your client:

  • A role with permissions to get workflow templates and to create a workflow: example
  • A service account for the client: example.
  • A binding of the account to the role: example

Additionally create:

  • A secret named argo-workflows-webhook-clients listing the service accounts: example

The secret argo-workflows-webhook-clients tells Argo:

  • What type of webhook the account can be used for, e.g. github.
  • What "secret" that webhook is configured for, e.g. in your Github settings page.