Docs: Update External Controls to Clarify X-Gitlab-Hmac-Sha256

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Label this issue

Start this issue's title with Docs: or Docs feedback:.

Problem to solve

Product/feature affected: External Status Checks API (Security & Compliance)

Docs affected: External Status Checks API documentation

External Controls

Problem: The current documentation for HMAC-SHA256 signature generation in the External Controls API does not clearly specify that the values must be concatenated in a specific order (timestamp + nonce + path + data) when computing the signature. This ambiguity can lead to signature failures when customers implement external status check integrations.

Further details

Content to add:

Clarify the HMAC-SHA256 signature generation process by:

Explicitly stating the required concatenation order: timestamp + nonce + path + data

Use cases and benefits:

Enables faster implementation of external controls for compliance workflows

Goals:

Eliminate ambiguity in signature generation process

Proposal

Who can address the issue

I will open up the MR for updating the docs for this

Docs: Update External Controls to Clarify X-Gitlab-Hmac-Sha256

Problem to solve

Further details

Proposal

Who can address the issue

Other links/references