As mentioned previously, it is possible to use webhooks with the Salt API. Webhooks are designed to be commands that can be issued over HTTP/HTTPS in a single call-no getting tokens first. This can be problematic from a number of standpoints.
The first roadblock involves services that make use of tokens or any other authentication scheme that requires multiple web requests to be made to a server. Since webhooks need to be able to work in a single shot, using a Salt API token is out of the question.
As you have seen, the Salt API does allow commands to be issued in a single call as long as all the credentials are passed along. This is okay if the service making the call allows you to define things such as custom headers and
POST data. In some situations, this is acceptable, but some services do not provide that capability.
That leaves us with unauthenticated web requests. This is also doable inside the Salt API, but the user will have to provide their own authentication...