Signing requests and verifying signature on response
We are exploring using Domain Events in a multi-tenant financial environment to allow our customers to get notifications around transaction status changes. However, our webhooks need to be signed and the response from the customer must also be signed with a digital signature. Unfortunately, Event Grid only requires a 200 response in order to consider a webhook successful, whereas we would also require the response to be signed with the correct signature. It would be nice if we could add custom rules/policies that have to be fulfilled for the response to be deemed successful.
Perhaps introduce request/response policies similar to those available through Azure API Manager, whereby a policy could be defined to verify the response signature before considering the request successful.