Webhook / HTTPS Endpoint - error returned from Postman "no authentication methods were specified"

Problem setting up a Webhook / HTTPS Endpoint

Following along with this video (which, despite being created this year, is apparently really out of date – application is seemingly undergoing massive change):

At the 7:00 mark, Michael Lynn describes the settings for setting up a “3rd party service” (or “webhook”) (now apparently known as “HTTPS Endpoints”) - specifically, choosing an authentication method (Application | System | UserId | Script).

I am configuring my own HTTPS Endpoint, and nowhere am I given the option to configure this.

  • Everything is deployed successfully
  • the function works in the internal console / function editor

when I try to test via Postman, I get the error

    "error": "no authentication methods were specified",
    "error_code": "InvalidParameter",
    "link": "https://realm.mongodb.com/groups/...[truncated]

I thought maybe I had missing config within Realm - and found that I had no auth providers enabled. I enabled and deployed “API Keys”, then created an API key…

I am trying to post form data to that endpoint. In Postman, I am:

  • using POST;
  • using the endpoint shown within the record
  • specifying in the request body, appropriate form-data in key/value pairs;
  • specifying query params: key: secret value: (my secret key value);
  • after initial failure, set up API Key in Realm as noted, then in Postman, in the Authorization tab, added x-api-key and the API Key value I created above. That really should be everything I could need to specify, right?

…but I get the same error.

Any thoughts? Thank you!

1 Like

@Greg_Hammond ,

It sounds like the webhook definition is set of “application authentication” on the webhook definition. This method requires to provide at least one of your enabled authentication methods when calling the weebhook (for example a user/password via HTTP basic authetntication).

The API KEY requires you to specify a specific field either in the body or header of the call and its not x-api-key but :

  "api-key": "<User's API Key>"

If you do not need auth for the webhook you must set the authentication method to “SYSTEM”. Like in the tutorial :

Best regards,

1 Like

Thank you Pavel, I really appreciate the response. Changing the auth field from ‘x-api-key’ to ‘api-key’ in the header worked for me.

Apparently my endpoint was indeed configured to “application authentication”, as sending the api-key worked. Again, though, the current UI for configuring this stuff doesn’t even show me the Authentication section (as it does in the tutorial) – so I have no way of changing that setting, or even knowing what it is. Is that currently on a dev list?

Thanks again,

Going to answer my own question here, for others’ benefit:

The authentication method is exposed on the Settings tab within Edit Function. This is also where the “Can Evaluate” JSON expression can be specified.

Sorry for the confusion, hopefully this helps others going forward.



Greg, you’re an amazing guy, and I wish you nothing but happiness in life.

This small hidden setting had me searching for about 1.5 hours, and I thought my saving grace would be finding that video that was only 10 months old.

Thank you so much for helping me find this setting, and understanding that was the reason why my API wasn’t working.

Also, thanks so much for coming back to post the update even after you found the resolution yourself.


Hi @Greg_Hammond and @SPat ,

I see the confusion and I will highlight this UI change that might confuse users for improvement.

Thanks for sharing your experience.


Hi @Pavel_Duchovny

I’m getting the same error

no authentication methods were specified

and I use email/password authentication and yes my function auth is ** application authentication**
when I do http request from web browser using axios, I get that error, though I have passed the auth header

Authorization: `Bearer ${_accessToken}`,

I think it should work if I use the realm-web SDK but I wanna use it with axios, in case I need to change the backend provider later.

1 Like

HI @Mohammed_Ramadan,

For more details on other authentication providers (i.e, email/password and jwt token), you can follow our documentation found here. As the documentation is for our deprecated 3rd party service, please bear in mind that this is only temporary and we will also include a similar outline in the new HTTPS endpoint documentation.

JWT Token

curl --location --request POST 'XXX' \
--header "Content-Type: application/json" \
--header "jwtTokenString: <JWT_TOKEN>"

Email / Password

curl --location --request POST 'XXX' \
--header "Content-Type: application/json" \
--data '{"username": "XXX", "password": "XXX"}'

I hope this clears things up.


Hi @giulianocelani ,

Thank you for your comment. But I have tried the email/password approach and it didn’t work plus I want to access the app through HTTPS endpoint and not the CLI.

This is super useful. Thanks for solving. I’m new to MongoDB and working with backend data. The guides and documents from MongoDB are not very useful and quite confusing as there’s lots of assumed knowledge.

Even where to select Authentication Option of System is not very intuitive where you can only change it by selecting the word within your HTTPS endpoint “Linked Function” to go to the right section where this option is enabled.

We are there though, thanks again all!

Thank you @Greg_Hammond …your contribution was helpful