Using Standard Webhooks

[ThisIsMissEm]

What type of request is this?

New feature idea

Clear and concise description of the feature you are proposing

At present, it looks like OwlRelay uses it's own custom webhook signature mechanism, based on the X-Signature setup. As an alternative, you could use the Standard Webhooks specification, which would also allow for OwlRelay to use asymmetrical signatures (e.g., OwlRelay has a private key for signing, and your application has a public key for verifying the signature) — Standard Webhooks also supports the shared secret model that you're currently using.

Additional context

I think this could give a boost to OwlRelay and make it easier to build client libraries, as the verification of the webhooks would have a standard that can be referenced.

Validations

• Check the feature is not already implemented in the project.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
• Check that the feature is technically feasible and aligns with the project's goals.

[CorentinTh]

Hi, thank you for sharing the spec!
I wasn't aware of this, I went with making a custom solution inspired by github's webhook signature (and dedicated package for the signature verification)

I think it'll indeed be a good idea to switch to the standard webhooks spec, it'll require some work to migrate without breaking the current webhooks, but it should be worth it

[CorentinTh]

I'll also consider this for Papra's webhooks