I was trying to work up a notification that would give the user name of the person who edited a record that triggered the webhook. The only user ID that comes through is the one for the person who created the record.
Now I’m wondering if this is something about the way our users are set up. If I pull the versions via the content management api, I get one version with a User ID from the person who first created this record. Then I get versions with an access_token id, which are my edits.
The User ID send by the webhook isn’t either of those, though. It’s someone who doesn’t appear to have touched this record at all.
Sorry, this is a webhook limitation, not anything you’re doing wrong 
You have to make a CMA call to fetch details on that version, like you already did (e.g. Update Webhook Missing User Information - #3 by m.finamor)
Yeah, exactly this. The webhook’s meta.current_version is the one to fetch from the CMA.
Which field are you using as the user ID? (As in the JSON path to it). If you look at e.g. relationships.creator, it should tell you the type of ID it is:
"relationships": {
"item_type": {
"data": {
"id": "OfGOkLsUQlKFQjNBQtXZGA",
"type": "item_type"
}
},
"creator": {
"data": {
"id": "627975",
"type": "organization"
}
}
},
But that’s not really useful for you here. You do have to make that separate CMA call to fetch the latest version info and get its author that way
This is an annoying design quirk on our part, and something I hope we can natively add to webhooks in the future. (PS please remember to vote on this in the upper left)
Sorry about that.
I’ll have to go back through things, but the versions that I specifically created don’t come back with my user ID from the CMA. They come back with access_token, which points back to our default read/write API key for some reason. So maybe there’s a bug here also. They display with me as the editor in the CMS interface, but show as being edited by API key not by me when we pull the versions.
Ohhhhhh, I just realized something. I was testing publishing in a different environment for testing the webhook without messing up live data, but my API calls would have been looking at the primary environment, so not seeing my edits. D’oh!
Did it work after you added the env?
And I make that same damned mistake at least once a month 
Yes, I think it did.
What API permissions do I need to use to get access to the sso-users endpoint though? The read-only key doesn’t work.
You can create a new role with the Manage Single Sign-On settings permission:
Then assign it to an API key that has CMA access:
That should work.
Ah, I don’t have access to add new roles, and don’t see those configs on existing ones. That explains that.
Edit: I was looking in the permissions settings. Didn’t realize there were these top level role settings, and didn’t look at your screenshot closely enough.