How to validate the authenticity of a webhook payload?
We are currently working on integrating the API of quarterly payments, and we saw that part of it works with a webhook.
It's a common practice to use a signed signature that could be validated on the receiving end, in order to make sure the source of the webhook is valid and trusted.
This could help as a reference implementation: https://docs.github.com/en/developers/webhooks-and-events/securing-your-webhooks
Posted by Dotan Simha 6 months ago