diff --git a/run-solid-test-suite.sh b/run-solid-test-suite.sh
index 9f35e320..e5bff550 100755
--- a/run-solid-test-suite.sh
+++ b/run-solid-test-suite.sh
@@ -5,17 +5,19 @@ set -e
 # Note that .github/workflows/solid-tests-suites.yml does not use this, this function is just for manual runs of this script.
 # You can pick different values for the NEXTCLOUD_VERSION build arg, as required:
 function setup {
-  docker build -t pubsub-server  https://github.com/pdsinterop/php-solid-pubsub-server.git#main
-  docker build -t solid-nextcloud --build-arg NEXTCLOUD_VERSION=25 .
+
+  docker build -t pubsub-server  https://github.com/pdsinterop/php-solid-pubsub-server.git#feature-secure-webhook-to-ws
+  docker build -t solid-nextcloud .
 
   docker network create testnet
 
   docker pull michielbdejong/nextcloud-cookie
-  docker pull solidtestsuite/solid-crud-tests:v7.0.5
+  docker pull solidtestsuite/solid-crud-tests:v7.0.6
+
   docker pull solidtestsuite/web-access-control-tests:v7.1.0
   docker pull solidtestsuite/webid-provider-tests:v2.1.1
 
-  docker tag solidtestsuite/solid-crud-tests:v7.0.5 solid-crud-tests
+  docker tag solidtestsuite/solid-crud-tests:v7.0.6 solid-crud-tests
   docker tag solidtestsuite/web-access-control-tests:v7.1.0 web-access-control-tests
   docker tag solidtestsuite/webid-provider-tests:v2.1.1 webid-provider-tests
 }
@@ -28,6 +30,7 @@ function teardown {
 
 function startPubSub {
   docker run -d --name pubsub --network=testnet pubsub-server
+  docker exec -it pubsub php server/serverWh2Ws.php &
 }
 
 function startSolidNextcloud {
diff --git a/solid/appinfo/routes.php b/solid/appinfo/routes.php
index 5475341a..8a7aac74 100644
--- a/solid/appinfo/routes.php
+++ b/solid/appinfo/routes.php
@@ -36,7 +36,7 @@
 	['name' => 'solidWebhook#register', 'url' => '/webhook/register', 'verb' => 'POST'],
 	['name' => 'solidWebhook#unregister', 'url' => '/webhook/unregister', 'verb' => 'POST'],
 
-	['name' => 'solidWebsocket#register', 'url' => '/websocket/register', 'verb' => 'POST'],
+        ['name' => 'solidWebhook#registerWs', 'url' => '/websocket/register', 'verb' => 'POST'],
 
 	['name' => 'app#appLauncher', 'url' => '/', 'verb' => 'GET'],
 ];
diff --git a/solid/lib/Controller/SolidWebhookController.php b/solid/lib/Controller/SolidWebhookController.php
index 5846097d..55e84fba 100644
--- a/solid/lib/Controller/SolidWebhookController.php
+++ b/solid/lib/Controller/SolidWebhookController.php
@@ -76,6 +76,31 @@ public function listWebhooks(): DataResponse {
 		return new DataResponse($this->webhookService->findAll($this->webId));
 	}
 
+	/**
+	 * @PublicPage
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
+	public function registerWs(string $topic): DataResponse {
+		$toSub = "http://pubsub:8081";
+		$toPub = "http://pubsub:8082";
+		// FIXME: is this secure enough?
+		// https://www.php.net/manual/en/function.random-bytes.php says it
+		// generates "cryptographically secure pseudo-random bytes"
+		$token = bin2hex(random_bytes(20));
+		$target = "$toPub/$token";
+		if ($this->checkReadAccess($topic)) {
+			$webhook = $this->webhookService->create($this->webId, $topic, $target);
+			return new DataResponse([
+				"@context" => "https://www.w3.org/ns/solid/notification/v1",
+				"type" => "WebSocketSubscription2021",
+				"source" => "$toSub/$token"
+			]);
+		} else {
+			return new DataResponse("Error: denied access", 401);
+		}
+	}
+
 	/**
 	 * @PublicPage
 	 * @NoAdminRequired