Is there any way to add custom header to webhooks?

Hi there,

I am using ghostjs → integrations → custom integration → webhooks for listening to events fired from my blog. Webhooks point towards my another server via public http api. The problem is, anybody can fake webhook fired from ghostjs, how can I add authentication to my webhook? It would be great if Ghostjs allowed adding custom headers to ( x-auth etc. ) secure my public endpoint

Newer versions of Ghost will send the X-Ghost-Signature header if you configure a webhook secret in Ghost Admin.

Here’s how the header value (nodejs hmac logic, but you should be able to adapt it for other languages): sha256=${crypto.createHmac('sha256', secret).update(reqPayload).digest('hex')}, t=${Date.now()}

1 Like