I've remembered partial solution. So scenario will be like that:
- Create web service with your web hook.
- Create a ssh key on the same host for some special (usually owner of web hook service) user to have an access to repos.
- Add ssh key created at previous step as deploy key.
- Finally: Register your webhook and add your deploy key for that hook to project — repeat it for each project what need this hook.
You have event listener (your web hook service), and you have access to that repository (ssh/git).
But still that solution doesn't have access to API itself.
Probably, there is also an another solution.
- Create custom admin user with a big random password and some synthetic name like HookBot or something, remember private_token of that user;
- Register your web hook;
- Use api access to add your deploy key with HookBot (untested);
- Use sudo api to get sources or something else. Just mimicry to pusher's account (sudo -u {author_id}) and go on, read repo, work with it, etc.
Maybe some another solutions? More legit?