Signing & Verification

This page is a placeholder. Document:

• The signing scheme (HMAC algorithm, header name, timestamp tolerance)
• How to compute and compare the signature
• Replay-attack protection (timestamp window)
• Code samples in PHP, Node.js, Python
• Testing webhooks locally with a tunnel (ngrok, Expose)
• Rotating webhook secrets