Enabling HMAC security logic by setting `AbstractEventSubscription.SecretKey` has no effect

[jansokoly]

While trying to enable HMAC security logic for webhook requests, I've stumbled on why something like this has no effect:

await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { SecretKey = "SomeHmacSecretKey" });

Turns out there are actually 2 places where SecretKey can be set when subscribing to an event:

• SignNow.NET/SignNow.Net/Model/Requests/EventSubscriptionBase/AbstractEventSubscription.cs

  Line 37 in 7122c31

  public string SecretKey { get; set; }

• SignNow.NET/SignNow.Net/Model/Requests/EventSubscriptionBase/EventCreateAttributes.cs

  Line 54 in 7122c31

  public string SecretKey { get; set; }

So, to enable HMAC when subscribing to an event, it's possible to achieve it like this:

await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { Attributes = new EventCreateAttributes { CallbackUrl = callbackUrl, SecretKey = "SomeHmacSecretKey" } });

I'm not sure what the idea is with having 2 of these keys, but the one among Attributes seems to be more consistent with API.
Is there any purpose for AbstractEventSubscription.SecretKey actually?
Also, I think it would be handy to be able to pass SecretKey as an optional param in CreateEventSubscription constructor.