Github sends an X-Hub-Signature header that is a SHA1 HMAC in it's webhooks when you configure a shared secret. This adds the ability configure a shared secret in config.json and validate incoming requests using that secret.
Because rawBody is gone, this depends on a the verify button in connect which was added in ~7 months ago (https://github.com/senchalabs/connect/pull/934/files) and so should be fairly available at this point.
Github sends an X-Hub-Signature header that is a SHA1 HMAC in it's webhooks when you configure a shared secret. This adds the ability configure a shared secret in config.json and validate incoming requests using that secret.
Because rawBody is gone, this depends on a the verify button in connect which was added in ~7 months ago (https://github.com/senchalabs/connect/pull/934/files) and so should be fairly available at this point.