You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/auth_plugins.md
+16Lines changed: 16 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -345,6 +345,13 @@ auth:
345
345
header: Authorization
346
346
```
347
347
348
+
```bash
349
+
curl -X POST "https://your-hooks-server.com/webhooks/example" \
350
+
-H "Authorization: your-shared-secret" \
351
+
-H "Content-Type: application/json" \
352
+
-d '{"event":"test","data":"example"}'
353
+
```
354
+
348
355
**Custom header shared secret:**
349
356
350
357
```yaml
@@ -354,6 +361,15 @@ auth:
354
361
header: X-API-Key
355
362
```
356
363
364
+
```bash
365
+
curl -X POST "https://your-hooks-server.com/webhooks/example" \
366
+
-H "X-API-Key: your-shared-secret" \
367
+
-H "Content-Type: application/json" \
368
+
-d '{"event":"test","data":"example"}'
369
+
```
370
+
371
+
> **Note:** The shared secret is sent as plain text directly in the header value. No `Bearer` prefix or encoding is required. Always use HTTPS to protect the secret in transit.
372
+
357
373
## Custom Auth Plugins
358
374
359
375
This section provides an example of how to implement a custom authentication plugin for a hypothetical system. The plugin checks for a specific authorization header and validates it against a secret stored in an environment variable.
0 commit comments