diff --git a/mmv1/products/dialogflowcx/Webhook.yaml b/mmv1/products/dialogflowcx/Webhook.yaml
index 126b21034e9f..b4796b272db1 100644
--- a/mmv1/products/dialogflowcx/Webhook.yaml
+++ b/mmv1/products/dialogflowcx/Webhook.yaml
@@ -54,6 +54,18 @@ examples:
     primary_resource_id: 'flexible_webhook'
     vars:
       agent_name: 'dialogflowcx-agent'
+  - name: 'dialogflowcx_webhook_with_service_account_auth'
+    primary_resource_id: 'webhook_use_service_account'
+    vars:
+      agent_name: 'dialogflowcx-agent'
+    test_env_vars:
+      service_account: 'SERVICE_ACCT'
+  - name: 'dialogflowcx_webhook_service_directory_with_service_account_auth'
+    primary_resource_id: 'webhook_use_service_account'
+    vars:
+      agent_name: 'dialogflowcx-agent'
+    test_env_vars:
+      service_account: 'SERVICE_ACCT'
 parameters:
   - name: 'parent'
     type: String
@@ -200,6 +212,21 @@ properties:
           - 'NONE'
           - 'ID_TOKEN'
           - 'ACCESS_TOKEN'
+      - name: serviceAccountAuthConfig
+        type: NestedObject
+        description: Configuration for authentication using a service account.
+        properties:
+          - name: serviceAccount
+            type: String
+            required: true
+            description: |-
+              The email address of the service account used to authenticate the webhook call.
+              Dialogflow uses this service account to exchange an access token and the access
+              token is then sent in the **Authorization** header of the webhook request.
+
+              The service account must have the **roles/iam.serviceAccountTokenCreator** role
+              granted to the
+              [Dialogflow service agent](https://cloud.google.com/iam/docs/service-agents?_gl=1*1jsujvh*_ga*NjYxMzU3OTg2LjE3Njc3MzQ4NjM.*_ga_WH2QY8WWF5*czE3Njc3MzQ2MjgkbzIkZzEkdDE3Njc3MzQ3NzQkajYwJGwwJGgw#dialogflow-service-agent).
       - name: uri
         type: String
         description: The webhook URI for receiving POST requests. It must use https protocol.
@@ -338,6 +365,21 @@ properties:
               - 'NONE'
               - 'ID_TOKEN'
               - 'ACCESS_TOKEN'
+          - name: serviceAccountAuthConfig
+            type: NestedObject
+            description: Configuration for authentication using a service account.
+            properties:
+              - name: serviceAccount
+                type: String
+                required: true
+                description: |-
+                  The email address of the service account used to authenticate the webhook call.
+                  Dialogflow uses this service account to exchange an access token and the access
+                  token is then sent in the **Authorization** header of the webhook request.
+
+                  The service account must have the **roles/iam.serviceAccountTokenCreator** role
+                  granted to the
+                  [Dialogflow service agent](https://cloud.google.com/iam/docs/service-agents?_gl=1*1jsujvh*_ga*NjYxMzU3OTg2LjE3Njc3MzQ4NjM.*_ga_WH2QY8WWF5*czE3Njc3MzQ2MjgkbzIkZzEkdDE3Njc3MzQ3NzQkajYwJGwwJGgw#dialogflow-service-agent).
           - name: uri
             type: String
             description: The webhook URI for receiving POST requests. It must use https protocol.
diff --git a/mmv1/templates/terraform/examples/dialogflowcx_webhook_service_directory_with_service_account_auth.tf.tmpl b/mmv1/templates/terraform/examples/dialogflowcx_webhook_service_directory_with_service_account_auth.tf.tmpl
new file mode 100644
index 000000000000..fbe7d67939d8
--- /dev/null
+++ b/mmv1/templates/terraform/examples/dialogflowcx_webhook_service_directory_with_service_account_auth.tf.tmpl
@@ -0,0 +1,30 @@
+resource "google_dialogflow_cx_agent" "agent" {
+  display_name = "{{index $.Vars "agent_name"}}"
+  location = "us-central1"
+  default_language_code = "en"
+  supported_language_codes = ["it","de","es"]
+  time_zone = "America/New_York"
+  description = "Example description."
+  avatar_uri = "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png"
+  enable_stackdriver_logging = true
+  enable_spell_correction    = true
+  speech_to_text_settings {
+    enable_speech_adaptation = true
+  }
+}
+
+
+resource "google_dialogflow_cx_webhook" "{{$.PrimaryResourceId}}" {
+  parent       = google_dialogflow_cx_agent.agent.id
+  display_name = "MyWebhook"
+  service_directory {
+    service = "projects/example-proj/locations/us-central1/namespaces/example-namespace/services/example-service"
+    generic_web_service {
+      uri = "https://example.googleapis.com"
+      webhook_type = "STANDARD"
+      service_account_auth_config {
+        service_account = "{{index $.TestEnvVars "service_account"}}"
+      }
+    }
+  }
+}
diff --git a/mmv1/templates/terraform/examples/dialogflowcx_webhook_with_service_account_auth.tf.tmpl b/mmv1/templates/terraform/examples/dialogflowcx_webhook_with_service_account_auth.tf.tmpl
new file mode 100644
index 000000000000..8cef4e62a9b6
--- /dev/null
+++ b/mmv1/templates/terraform/examples/dialogflowcx_webhook_with_service_account_auth.tf.tmpl
@@ -0,0 +1,27 @@
+resource "google_dialogflow_cx_agent" "agent" {
+  display_name = "{{index $.Vars "agent_name"}}"
+  location = "global"
+  default_language_code = "en"
+  supported_language_codes = ["it","de","es"]
+  time_zone = "America/New_York"
+  description = "Example description."
+  avatar_uri = "https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png"
+  enable_stackdriver_logging = true
+  enable_spell_correction    = true
+  speech_to_text_settings {
+    enable_speech_adaptation = true
+  }
+}
+
+
+resource "google_dialogflow_cx_webhook" "{{$.PrimaryResourceId}}" {
+  parent       = google_dialogflow_cx_agent.agent.id
+  display_name = "MyWebhook"
+  generic_web_service {
+		uri = "https://example.googleapis.com"
+    webhook_type = "STANDARD"
+    service_account_auth_config {
+      service_account = "{{index $.TestEnvVars "service_account"}}"
+    }
+	}
+}