I am creating Outlook subscriptions as outlined here, and setting the NotificationURL to an endpoint on AWS API Gateway. This works as expected.
However, the endpoint is now being locked down, and will require an authorization token and API key to access.
How can I set the headers on the push notifications being sent from Office 365?
I do not think you can authenticate the request sent from Office 365 REST API services by setting a bearer or something like that.
The NotificationURL you give to Office 365 REST services must be accessible publicly. But the rest of your API can be accessible only through authentication. Of course you must implement/check the ValidationToken or SubscriptionId to avoid being hacked by malicious REST calls faking Outlook subscriptions.
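A sketch of the two checks named in the answer, written as an AWS Lambda proxy handler behind the public NotificationURL; this is an added example, not code from the original posts. It assumes the handshake token arrives as a `validationtoken` query parameter and that notifications are posted as a JSON body with a `value` array whose items carry `SubscriptionId`; the subscription ids and the sample events are constructed.

```python
import hmac
import json

# Constructed ids; in practice load the ids returned when the subscriptions
# were created (storage is outside the scope of this sketch).
KNOWN_SUBSCRIPTION_IDS = {"sub-constructed-0001", "sub-constructed-0002"}


def _reply(status, body=""):
    return {"statusCode": status,
            "headers": {"Content-Type": "text/plain"},
            "body": body}


def _is_known(subscription_id):
    if not isinstance(subscription_id, str):
        return False
    candidate = subscription_id.encode()
    # Constant-time comparison against each stored id.
    return any(hmac.compare_digest(candidate, known.encode())
               for known in KNOWN_SUBSCRIPTION_IDS)


def verify_batch(body):
    """Return the notification list; raise on malformed or unknown input."""
    try:
        items = json.loads(body or "")["value"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed notification")
    if not isinstance(items, list) or not items:
        raise ValueError("malformed notification")
    # Reject the whole batch if any item names a subscription we did not create.
    for item in items:
        if not isinstance(item, dict) or not _is_known(item.get("SubscriptionId")):
            raise PermissionError("unknown subscription")
    return items


def handler(event, context=None):
    params = event.get("queryStringParameters") or {}
    query = {k.lower(): v for k, v in params.items()}
    # Subscription handshake: echo the validation token back as plain text.
    if query.get("validationtoken") is not None:
        return _reply(200, query["validationtoken"])
    try:
        verify_batch(event.get("body"))
    except ValueError as exc:
        return _reply(400, str(exc))
    except PermissionError as exc:
        return _reply(403, str(exc))
    # Hand the verified batch to the authenticated internal API or queue here.
    return _reply(202, "accepted")
```

Only this handler sits on the unauthenticated route; whatever it forwards to can stay behind the authorization token and API key.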