Is your feature request related to a problem? Please describe.
We're planning to migrate our webhook infrastructure to Outpost. We already have thousands of integrated clients receiving webhooks from us today, and our existing contract with them specifies a fixed signature header name that does not use the -signature suffix. For example, something like x-acme-digest.
Today, DESTINATIONS_WEBHOOK_HEADER_PREFIX lets us customize the header prefix (e.g. x-acme-), but the suffix signature is hardcoded, so we can only ever produce x-acme-signature.
Because we already have an established contract with our clients, we can't ask them all to change the header they read. To make the migration to Outpost as seamless as possible (ideally zero client-side changes), we need to emit the signature under our existing header name.
Describe the solution you'd like
Make the signature header name fully customizable, not just the prefix. Something like:
A new field on DestinationWebhookConfig, e.g. DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_NAME.
When set, this value is used as the complete signature header name, bypassing the <prefix>signature construction entirely. When unset, behavior is unchanged (defaults to signature), so this is fully backwards compatible.
Example: with DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_NAME=x-acme-digest, the delivered header would be exactly x-acme-digest regardless of the configured prefix.
The key point is control over the entire header name. The prefix option only covers part of the naming; consumers with an existing, fixed header contract need to pin the full name.
This mirrors the existing precedent where the signature value is already customizable via DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_TEMPLATE: we'd simply be extending that same "make signatures interoperable with existing consumers" philosophy to the header name.
I'm happy to implement this and open a PR. I've traced the two call sites above and reviewed the config-field workflow in contributing/config.md (struct field + tags, defaults, LogConfigurationSummary(), validation, go generate for docs). I just wanted to align on the approach and naming before writing the code.
Describe alternatives you've considered
- Custom headers: We can add arbitrary static headers per destination, but those carry static values. They can't carry the computed per-request signature, so this doesn't solve our case.
- Header prefix only (
DESTINATIONS_WEBHOOK_HEADER_PREFIX): Adjusting the prefix still leaves the mandatory signature suffix, producing x-acme-signature rather than x-acme-digest.
- Post-processing/proxy layer to rename the header in flight: Adds operational complexity and an extra hop purely to rename one header; this is not viable at our scale.
- Asking clients to update the header they validate: Not really feasible with thousands of existing integrations under contract.
Additional context
- We'd want this to work in both default and standard webhook modes, since the suffix is hardcoded in both providers.
- Backwards compatibility: unset config can preserve today's exact behavior.
Is your feature request related to a problem? Please describe.
We're planning to migrate our webhook infrastructure to Outpost. We already have thousands of integrated clients receiving webhooks from us today, and our existing contract with them specifies a fixed signature header name that does not use the -signature suffix. For example, something like x-acme-digest.
Today,
DESTINATIONS_WEBHOOK_HEADER_PREFIXlets us customize the header prefix (e.g. x-acme-), but the suffix signature is hardcoded, so we can only ever produce x-acme-signature.Because we already have an established contract with our clients, we can't ask them all to change the header they read. To make the migration to Outpost as seamless as possible (ideally zero client-side changes), we need to emit the signature under our existing header name.
Describe the solution you'd like
Make the signature header name fully customizable, not just the prefix. Something like:
A new field on DestinationWebhookConfig, e.g.
DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_NAME.When set, this value is used as the complete signature header name, bypassing the
<prefix>signatureconstruction entirely. When unset, behavior is unchanged (defaults to signature), so this is fully backwards compatible.Example: with
DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_NAME=x-acme-digest, the delivered header would be exactlyx-acme-digestregardless of the configured prefix.The key point is control over the entire header name. The prefix option only covers part of the naming; consumers with an existing, fixed header contract need to pin the full name.
This mirrors the existing precedent where the signature value is already customizable via
DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_TEMPLATE: we'd simply be extending that same "make signatures interoperable with existing consumers" philosophy to the header name.I'm happy to implement this and open a PR. I've traced the two call sites above and reviewed the config-field workflow in contributing/config.md (struct field + tags, defaults, LogConfigurationSummary(), validation, go generate for docs). I just wanted to align on the approach and naming before writing the code.
Describe alternatives you've considered
DESTINATIONS_WEBHOOK_HEADER_PREFIX): Adjusting the prefix still leaves the mandatory signature suffix, producing x-acme-signature rather thanx-acme-digest.Additional context