All actions against organization webhooks require the authenticated user to be an admin of the organization being managed. Additionally, OAuth tokens require the admin:org_hook scope.
In order to protect sensitive data which may be present in webhook configurations, we also enforce the following access control rules: