diff --git a/src/Umbraco.Web.BackOffice/Controllers/WebhookController.cs b/src/Umbraco.Web.BackOffice/Controllers/WebhookController.cs
index 5e76d54ef4..afa39ff623 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/WebhookController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/WebhookController.cs
@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Mapping;
@@ -6,11 +7,13 @@ using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Webhooks;
 using Umbraco.Cms.Web.BackOffice.Services;
 using Umbraco.Cms.Web.Common.Attributes;
+using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Cms.Web.Common.Models;
 
 namespace Umbraco.Cms.Web.BackOffice.Controllers;
 
 [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
 public class WebhookController : UmbracoAuthorizedJsonController
 {
     private readonly IWebhookService _webhookService;