DRUID allow developers to suscribe to any event via Webhooks. Webhooks must be registered previously in cockpit tool.
All web hook calls are signed with hmac ensure the integrity and invariability of the same. You will get a POST request to the defined endpoint previously registered in cockpit with this format:
You have to read and process X-Hub-Signature header. You will get mac digest method used and hash calculated for entire request body.
you have to calculate HMAC of body on your side (with password generated in cockpit Webhook section) and compare with received header for ensuring authenticity.
HMAC password for example is 12345