The webhook output sends events via
POST requests to a webhook of your choice. To set this up you will need both the URL to send events to and a shared secret of your choice, which is used to sign requests.
To ensure events come from Service Canary the request is signed with a HMAC digest using the secret provided when setting up the webhook. The signature is attached under the
X-Canary-Signature header and uses
sha1 as a digest.
Example code to verify a request in Python:
data_hmac_signature = hmac.new( 'MY-SECRET', REQUEST_DATA, digestmod=sha1, ).hexdigest() request_hmac_signature = REQUEST_HEADERS.get('X-Canary-Signature') if not hmac.compare_digest(data_hmac_signature, request_hmac_signature): print('Invalid signature! Imposter event!')