As mentioned previously, it is possible to use webhooks with Salt API. Webhooks are designed to be commands that can be issued over HTTP/HTTPS in a single call; no getting tokens first. This can be problematic from a number of standpoints.
The first roadblock involves services that make use of tokens, or any other authentication scheme that requires multiple web requests to be made to a server. Since webhooks need to be able to work in a single shot, using a Salt API token is out of the question.
As you have seen, Salt API does allow commands to be issued in a single call as long as all the credentials are passed along. This is okay if the service making the call allows you to define things such as custom headers and
POST data. In some situations, this is acceptable, but some services do not provide that capability.