This post is for people who want to be able to subscribe to private feeds, or people who want to be able to communicate from one site to another using webhooks. I’ve talked a number of times on the subject at various conferences, but haven’t posted publicly about the approach.
Thankfully, it’s simple. You can see the whole thing here, in this nice set of slides:
Or, you can look at this diagram that illustrates the protocol flow. Note that all the curl commands needed to make a secure, private connection are included in the diagram.
The goal is to allow crypto-less communication across sites while retaining a familiar user experience. This approach achieves that, I think. What do you think?