HMAC Authentication Plugin

The HMAC Signature authentication establishes the integrity of incoming requests to your APIs. The plugin will validate the digital signature sent in the Proxy-Authorization or Authorization header (in this order). This plugin implementation is based off the draft-cavage-http-signatures draft with a slightly different signature scheme. Give it a try and discuss it here!

HMAC Authentication plugin documentation

Good plugin, but can we customize the header name that contains the hmac digest? It also expect the header in following format, which is kind of strict: