The secret key has also to be set
While sending REST request, WCS calculates HMAC md5 hash of request body and places hash to the header
Here f2a40d5f3ec6a43d294a11c1746d3801 is a hash example
The backend server that receives REST request, must calculate HMAC md5 hash of request body using secret key and compare this hash with received one in request header. If hashes are equal, the request is authorized and server must respond to it according REST hook type, restClientConfig settings etc. If hashes are not equal, server must return 403 Forbidden.