fusionauth-issues icon indicating copy to clipboard operation
fusionauth-issues copied to clipboard
verified publisher icon FusionAuth

Add config for Webhook Signature

Open robotdan opened this issue 3 years ago • 0 comments

Add config for Webhook Signature

Description

The smart folks over at ngrok have put together a bunch of great information on webhooks, best practices, and reviewed a bunch of existing webhook producers to identify common behaviors.

Solution

Things we should consider:

  • Adding some sort of signature to the request header using HMAC or an asymmetric key
    • https://webhooks.fyi/security/hmac
  • Support for key rotation by configuring one to many keys and appending all signatures to the request.
    • https://webhooks.fyi/ops-experience/key-rotation

Additional context

  • https://webhooks.fyi/

Once this is complete, submit a PR to add our name to this list:

  • https://webhooks.fyi/docs/webhook-directory

Related

  • https://github.com/FusionAuth/fusionauth-issues/issues/1543

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

robotdan avatar Sep 01 '22 12:09 robotdan