Verify Signatures
All webhook requests come with a signature in the fullmethod-signature header. This is a way to verify that the webhook request came from Go Method. You can perform a verification by providing the event payload, the fullmethod-signature header, and the endpoint's signature secret.
The fullmethod-signature header included in each webhook event contains a timestamp and one signature. The timestamp is prefixed by t=, and the signature is prefixed by a signature. For example: fullmethod-signature: t=1674781463,signature=7e36810445db0d5bdae0df891bf8be7be1b2d1f3