Webhooks Security

Each webhook call tries to authenticate itself by sending an Authorization HTTP Header which is a bearer token. The token consists on the request body (an Order or User object) JWT-signed using a private key generated for your setup. You can request the public key from our team.

Authorization: Bearer <token>