Why verify
Webhook signatures protect you from spoofed callbacks.How to verify
- Retrieve the signature header sent with the callback
- Compute your own signature using the shared secret
- Compare calculated vs received values
Related
- Callbacks reference: /ipg/callbacks
- Troubleshooting: /cpanel/troubleshooting/webhook-debugging