A special resource type that Corteza supports is system sink (
system:sink) that is used to respond to API requests.
You can use the sink route to implement webhooks; for example, the OAuth flow.
Authentication with signature
Each sink URL must be signed for security purposes. The signature is generated based on the parameters (path and constraints) and salted.
Refer to the CLI command for details.
Automation script security context
When an HTTP request triggers a script, we are unable to determine who is the invoking user.
Because of this, you need to specify the invoking user for the security context (the
HTTP request handler
The HTTP request handler validates the request and converts it into a sink request.
check if the signature is provided,
check if the signature is valid,
check if enforced constraints match the request parameters:
maximum body size, and so on.
If the above validation passes, the request becomes a sink request and is processed as any other event.
The sink processor takes the HTTP request and converts it into an event that can trigger automation script on the Corredor server.
The most important thing to note here, is that there are slight deviations based on the content-type of the request.
When the request indicates an email (
OnReceive system mail (
system:mail) event is raised.
Any other case, the
OnRequest system sink (
system:sink) event is raised.
The sink processor also constructs the proper response (headers and body) based on the request.