Nice to have: signature call

[woodspire]

Check this doc that explain why and how to setup a signature for the webhook call.

This way, unauthorized calls are easily discarded.

https://github.com/spatie/laravel-webhook-client#verifying-the-signature-of-incoming-webhooks

[mason-cometbackup]

We've recently updated the documentation for the live event streaming feature at https://account.cometbackup.com/docs/api#other-api--comet-server-live-event-streaming , in particular to compare and contrast the webhook and the websocket versions of this feature.

Using an outbound websocket to receive live events instead of an inbound webhook ensures that you can never receive an unauthorized call. In that sense, it can serve some of the same purposes as a signature.

However, it's not a complete replacement, and we would still like to implement webhook signatures in the future.

[mason-cometbackup]

The latest version of Comet (21.9.1 and corresponding PHP SDK v3.16.0) add support for setting custom headers in webhook requests. You could use this to include a bearer key in the webhook requests.

However, it's still not a complete solution to signed requests.