Webhook Output

The webhook output sends events via POST requests to a webhook of your choice. To set this up, you will need both the URL to send events to and a shared secret of your choice, which is used to sign requests.

Verifying Requests

So that you can confirm events come from Service Canary, each request is signed with an HMAC digest using the secret provided when setting up the webhook. The signature is sent in the X-Canary-Signature header and uses SHA-1 as the digest.

Example code to verify a request in Python:

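import hmac
from hashlib import sha1

# REQUEST_DATA is the raw request body as bytes; REQUEST_HEADERS is the
# request's header mapping. The secret must be bytes under Python 3.
data_hmac_signature = hmac.new(
    b'MY-SECRET',
    REQUEST_DATA,
    digestmod=sha1,
).hexdigest()

# Default to '' so a missing header fails the comparison instead of raising.
request_hmac_signature = REQUEST_HEADERS.get('X-Canary-Signature', '')

# compare_digest runs in constant time, so the check leaks no timing signal.
if not hmac.compare_digest(data_hmac_signature, request_hmac_signature):
    print('Invalid signature! Imposter event!')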
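
An added example, not Service Canary's own code: a WSGI endpoint that applies the check above to the raw request bytes and rejects the request before anything is parsed. The secret, the sample event and the helper names sign, app and deliver are assumptions made for illustration; the signature is taken to be the hex HMAC-SHA1 of the raw body, as in the snippet above.

```python
import hmac
import io
from hashlib import sha1

# Constructed sample secret (assumption); load the real one from configuration.
SHARED_SECRET = b"example-shared-secret"

def sign(secret, body):
    """Hex HMAC-SHA1 of the raw body, as in the snippet above (hypothetical helper)."""
    return hmac.new(secret, body, digestmod=sha1).hexdigest()

def app(environ, start_response):
    """WSGI endpoint (hypothetical): authenticate the raw bytes before anything else."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    body = environ["wsgi.input"].read(length)
    # WSGI exposes the X-Canary-Signature header under this key; absent -> "".
    received = environ.get("HTTP_X_CANARY_SIGNATURE", "").strip()
    # Compare bytes: compare_digest raises TypeError on non-ASCII str input.
    expected = sign(SHARED_SECRET, body).encode("ascii")
    if not hmac.compare_digest(expected, received.encode("latin-1", "replace")):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"invalid signature\n"]
    # Only past this point is the body authenticated and safe to parse.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"accepted\n"]

def deliver(body, signature=None):
    """Drive app() with a constructed request and return the status line."""
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    if signature is not None:
        environ["HTTP_X_CANARY_SIGNATURE"] = signature
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]

if __name__ == "__main__":
    event = b'{"event": "constructed-sample"}'  # constructed payload
    good = sign(SHARED_SECRET, event)
    print(deliver(event, good))         # valid signature
    print(deliver(event + b" ", good))  # body altered after signing
    print(deliver(event))               # header missing
```

The digest is computed over the bytes exactly as received: parsing the body and re-serializing it before verification can change whitespace or key order and make a genuine event fail the check.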