Can we get kong HMAC plugin to look in “X-Hub-Signature” header ?
The “Authorization” header is hard-coded in the hmac-auth plugin.
Can we use out of box HMAC plugin to authenticate the request?
For the above reason, I am afraid that the answer is “no”. You can try hard-coding the alternative header name and see if it suffices. If that’s the case, that would be a good argument for making the header name configurable in a future version!