Hello,
I am setting up Taiga on behalf of a third party and part of my scope is to add some integration via webhooks. I have never used Taiga before, and so far the documentation has been very helpful. However I am not sure if what I am experiencing is a bug, or the intended behavior as the documentation is a little vague.
From the documentation on Webhooks:
" * A secret key is a string (long is better) that is used to encrypt and decrypt a message so that only those who know the key can decrypt and read it."
This implies that the payload is encrypted using this secret key but that does not appear to be the case. I can create a webhook, put in an arbitrary secret key and then send it to a web app that does not verify the key at all but the payload is still captured and readable.
I am wondering if the secret key and the signature are just meant as a way to gate keep incoming requests by verifying the signature, or if this is actually meant to encrypt the payload so it’s not being transmitted as readable until decrypted.
Sorry if this question is obvious. I am new to web applications as well as Taiga so this is all a learning experience for me.
Thanks for any help!
