I actually just found a solution. Now its going to make things messy and very tedious. But if you organize it and have a naming convention then you can make it not so bad.
So for every webhook you want to allow access for you need to create an application in your cloudflare zero trust. Set the application url to the webhook url and then create a policy to allow everyone or if you know the IPs of what service needs to access your webhook then add that and not everyone.
Hope this helps