Basically I would like to authenticate the webhook url while communicating with jenkins. I cannot use the
The webhook “secret token” is what is used for that purpose. See the GitHub Developer article Securing your webhooks for more information.
I agree however there are valid use cases for using both, such as needing to hop through an auth proxy or WAF before hitting a private service. A good analogy is a bastion host, the bastion gets you network access and you must have further credentials to access additional systems.