I have created an area called "webhook" inspired by module-webapi. I've set the webhook area master controller via:
<preference for="Magento\Framework\App\FrontControllerInterface"
type="MyMod\Webhook\Controller\WebhookController"/>
\Magento\Framework\Webapi\Authorization is being passed to the controller but I am not sure where that is being defined. As far as I know this constructors injection is handled by XML.
My end goal here is to authenticate with a Webhook secret token rather than module-webapi's OAuth-based authorization.
