Enable LLMs to handle webhooks with plaintext files
fix verify frontmatter field names and document literal strategy
+12
-5
+12
-5
README.md
+12
-5
README.md
···
28
28
---
29
29
verify:
30
30
hmac:
31
-
location: header
32
-
name: X-My-Header-Signature
31
+
header: X-My-Header-Signature
33
32
secret: $MY_WEBHOOK_SECRET
34
33
payload:
35
34
contentType: json
···
113
112
Specifies how to authenticate incoming webhook requests. Omit if the provider
114
113
does not sign requests. Only one strategy may be specified.
115
114
116
-
HMAC:
115
+
HMAC (e.g. GitHub, GitLab — computes SHA-256 over the request body):
117
116
118
117
```yaml
119
118
verify:
120
119
hmac:
121
-
location: header # or "query"
122
-
name: X-Hub-Signature-256 # header or query parameter name
120
+
header: X-Hub-Signature-256 # or query: param-name
121
+
secret: $ENV_VAR_NAME # must be an environment variable reference
122
+
```
123
+
124
+
Literal (e.g. Forgejo, plain API key — compares value directly):
125
+
126
+
```yaml
127
+
verify:
128
+
literal:
129
+
header: Authorization # or query: uid
123
130
secret: $ENV_VAR_NAME # must be an environment variable reference
124
131
```
125
132