When I do the following query:

mutation {
  delete_Skill(where: {CompanyId: {_eq: 1}}){
    affected_rows
  }
}

It works as expected when using X-Hasura-Access-Key, but when I use my x-access-token header with webhook, it ignores the CompanyId param and delete all rows in the table. I've tested it in console and the same thing happens.