Summary

At the moment X-Hub-Signature payloads can be validated only against the four specific providers one can find at /server/auth/webhook. This significantly limits ease of integration when using other platforms that use X-Hub headers, which are a well-defined standard whose support would therefore be of great value.

Such an implementation looks like a low-hanging fruit, we can even adapt existing code in eg. webhooks' package github provider.

Use Cases

This would unlock facebook/meta ecosystem (whatsapp for business et al), forgejo, and probably other platforms. Another small iteration could include Stripe, Shopify, Zendesk which use a base64 encoded signature with a custom header name.

What do you think? Thanks in advance, regards

Message from the maintainers:

Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.