Skip to content

Webhooks #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
philsturgeon opened this issue Dec 31, 2024 · 3 comments
Open

Webhooks #44

philsturgeon opened this issue Dec 31, 2024 · 3 comments

Comments

@philsturgeon
Copy link
Contributor

philsturgeon commented Dec 31, 2024
edited
Loading

"There's no good reason for signing webhooks" - https://www.speakeasy.com/post/no-good-reason-for-signing-webhooks

https://www.speakeasyapi.dev/post/openapi-tips-webhooks-callbacks
@lornajane
Copy link

I can think of a few reasons and I can't tell if the quotes are air-quoted alternative facts that need dealing with

@philsturgeon
Copy link
Contributor Author

@lornajane I spotted this article and was curious about it. This is a note for me to follow up, but I'd love your thoughts too.

@lornajane
Copy link

Signing webhooks (or generally doing different stuff with them than with normal API calls) makes sense because the context is so different. Client makes API calls to the server and stuff like an API key can be checked there. When it goes out to a webhook endpoint, which could be anywhere and might have no data at all for Auth, everything needs to be included with the request. I'm not saying that we're necessarily doing it right as things are, but it makes sense that things are different in this context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philsturgeon @lornajane and others