Very minor change due to issue #1204 - wasn't allowing unauthenticated requests through.

packages/server/src/api/routes/webhook.js

@@ -40,10 +40,7 @@ router
     authorized(BUILDER),
     controller.buildSchema
   )
-  .post(
+  // this shouldn't have authorisation, right now its always public
-    "/api/webhooks/trigger/:instance/:id",
+  .post("/api/webhooks/trigger/:instance/:id", controller.trigger)
-    authorized(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
-    controller.trigger
-  )
 
 module.exports = router