Global webhook sending incorrect Host header - 401 errors

My global webhook (Settings → Webhooks) requests are being rejected by my endpoint (Pipedream) with 401 Unauthorized.

I worked with Pipedream support and they confirmed the issue: the webhook requests are sending a Host: webhook.site header instead of the correct host matching my actual webhook URL.

I temporarily used webhook.site for testing, and it appears that Host value is now stuck/cached in your system.

Can someone from the Retell team reach out so I can share my webhook URL privately? I’d prefer not to post it publicly.

Thanks

Based on the available sources, there was a similar case where webhook URL changes weren’t being applied correctly(1). The Retell support team identified that the old webhook URL was still configured in the settings, not the new one(1).

Here are the troubleshooting steps to resolve this:

Verify your webhook configuration:

• Check that your new webhook URL is correctly saved in Settings → Webhooks(1)
• Ensure your phone number or agent is using the correct agent version that references the updated webhook URL(1)

Secure your webhook endpoint:

When setting up your webhook endpoint, you should verify incoming requests using the Retell signature to prevent unauthorized access(2)(3). Here’s how to implement verification:

// install the sdk: https://docs.retellai.com/get-started/sdk
import { Retell } from "retell-sdk";
import express, { Request, Response } from "express";
const app = express();
app.use(express.json());
app.post("/webhook", (req: Request, res: Response) => {
 const {event, call} = req.body;
 switch (event) {
 case "call_started":
 console.log("Call started event received", call.call_id);
 break;
 case "call_ended":
 console.log("Call ended event received", call.call_id);
 break;
 case "call_analyzed":
 console.log("Call analyzed event received", call.call_id);
 break;
 default:
 console.log("Received an unknown event:", event);
 }
 // Acknowledge the receipt of the event
 res.status(204).send();
});

(2)

from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse
from retell import Retell

retell = Retell(api_key=os.environ["RETELL_API_KEY"])
@app.post("/check-weather")
async def check-weather(request: Request):
 try:
 post_data = await request.json()
 valid_signature = retell.verify(
 json.dumps(post_data, separators=(",", ":"), ensure_ascii=False),
 api_key=str(os.environ["RETELL_API_KEY"]),
 signature=str(request.headers.get("X-Retell-Signature")),
 )
 if not valid_signature:
 print(
 "Received Unauthorized",
 post_data["event"],
 post_data["data"]["call_id"],
 )
 return JSONResponse(status_code=401, content={"message": "Unauthorized"})
 args = post_data["args"]
 if args["city"] == "New York":
 return JSONResponse(status_code=200, content={"result": "25f and sunny"})
 else:
 return JSONResponse(status_code=200, content={"result": "20f and cloudy"})
 except Exception as err:
 print(f"Error in webhook: {err}")
 return JSONResponse(
 status_code=500, content={"message": "Internal Server Error"}
 )

(3)

You can also secure your server by allowlisting Retell’s IP address: 100.20.5.228(3).

Contact Retell support:

For direct assistance with your specific webhook configuration issue, you can:

• Ask questions on Discord
• Visit Contact Sales
• Visit https://github.com/RetellAI/

The support team can review your agent ID and call logs to identify the root cause, similar to how they resolved the previous caching issue(1).

Hello @Taskiva

Can you share the org id , and a call id

does this happens for all agents or just one agent?

Hi Omar,

Org ID: org_ItCjQhy8m5bVdwky

Call ID: call_027364533164886fcf9ceefbaf0

This happens for all agents - it’s the global webhook (Settings → Webhooks) that’s failing, not agent-level webhooks. Agent-level webhooks work fine.

Thanks

Based on the available sources, there’s a documented case of webhook URL caching issues that matches your situation(1). The Retell support team was able to investigate and resolve this by reviewing the specific agent ID and call details(1).

Understanding Global vs Agent-Level Webhooks:

According to the documentation, there are two types of webhooks in Retell AI:

1. Workspace-level (Global) webhook - configured in Settings → Webhooks(2)
2. Agent-level webhook - configured per agent, which overrides the global webhook for that specific agent(3)

When an agent has a webhook_url set, it binds webhook events for that agent to the specified URL and ignores the account-level webhook(3).

Webhook Verification:

To secure your webhook and verify requests are coming from Retell AI, you should implement signature verification using the X-Retell-Signature header(2). The webhook can be verified using your Retell API Key(4)(2).

Next Steps:

Since you’ve provided your Org ID (org_ItCjQhy8m5bVdwky) and Call ID (call_027364533164886fcf9ceefbaf0), the Retell support team can investigate why the global webhook is sending incorrect Host headers.

For direct assistance with this specific caching issue, contact Retell support through:

• Discord
• Contact Sales
• https://github.com/RetellAI/

The support team will be able to review your webhook configuration and resolve the cached Host: webhook.site header issue, similar to how they handled the previous webhook caching case(1).

So the request comes to pipedream with the header of webhook.site

Can you share a screenshot of this request from Pipedream?

Here’s a screenshot of a successful request from Pipedream. The Host header shows eoa38rjbab1wtqz.m.pipedream.net which is correct. However, the 401 errors are showing up in Retell’s call logs — those requests never appear in my Pipedream event history, which suggests they’re being rejected at the gateway before reaching my workflow. Can you check what Host header Retell is sending on the calls that return 401? Pipedream support said the failing requests are coming in with webhook.site as the Host header."

image1920×1032 107 KB