It is not super clear in the documentation but I think you can get it o work by just using “Webhook response module” right after your webhook and add a header:
header name: X-Hook-Signature
header value: {{1.X-Hook-Signature}} (this is a value you should get from Sweepbright in the payload)
In theory, you should calculate the X-Hook-signature value by calculating the HMAC hash (as poorly described in the documentation) and make sure that it matches the X-Hook-signature value received by the webhook. This is a way to verify that the webhook actually comes from Sweepbright. It does not seem mandatory but it is good practice.
I found an API “secret key” in Sweepbright, is this a X-hook signature ?
I used Postman in order to make a POST request using the X-hook signature I found and completed the request with the information (header, body, etc.) I got from Sweepbright documentation.
I tried it and I got a 200 response which is nice but there is nothing inside.