Why verify
Webhook signatures protect you from spoofed callbacks.How to verify
- Retrieve the signature header sent with the callback
- Compute your own signature using the shared secret
- Compare calculated vs received values
Related
- Callbacks reference: /h2h/ipg/callbacks
- Troubleshooting: /h2h/cpanel/troubleshooting/webhook-debugging