tiennm99/claude-status-webhook
1
0
Fork 0
mirror of https://github.com/tiennm99/claude-status-webhook.git synced 2026-04-17 13:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: correct HMAC feature decision — clarify Statuspage platform limitation

Browse Source
This commit is contained in:
tiennm99
2026-04-09 09:37:19 +07:00
parent 96cd75ed81
commit ef55a918d3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/feature-decisions.md
View File

@@ -50,7 +50,7 @@ Suggested features evaluated during code review (April 2026). Each was declined
**Idea**: Verify Statuspage webhook payloads using HMAC signatures as a second auth layer beyond URL secret. **Idea**: Verify Statuspage webhook payloads using HMAC signatures as a second auth layer beyond URL secret.
**Decision**: Skip. Atlassian Statuspage does not provide HMAC signature headers for webhook deliveries. The URL secret is the only auth mechanism they support. If they add signature support in the future, this should be revisited. **Decision**: Skip. Atlassian Statuspage's public subscriber webhooks (the "Subscribe to Updates" → "Webhook" flow) do not provide HMAC signature headers. The only verification mechanism available is embedding a secret in the URL path, which this project already implements with timing-safe comparison. This is a platform limitation, not a design choice — if Atlassian adds signature support in the future (tracked as BCLOUD-14683), this should be revisited.
### 9. Proactive Rate Limit Tracking ### 9. Proactive Rate Limit Tracking