Security & Best Practices

Security

To ensure secure communication, Okoora signs each webhook payload with a unique secret, allowing your application to verify the authenticity of each request. We recommend using HTTPS for your endpoints and validating signatures to prevent unauthorized or spoofed requests.

Best Practices

Acknowledge Quickly: Always return a 2xx HTTP status code to acknowledge receipt. Process the event asynchronously if your logic is complex.

Verify Authenticity: Validate the webhook signature using your provided secret.

Idempotency: Ensure your processing logic is idempotent (i.e., handling the same event more than once doesn’t cause unintended effects).

Monitor and Log: Keep track of incoming webhooks and your responses for auditing and troubleshooting.
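
A minimal handler core that applies the four practices above, as an added example and not Okoora's own code. The page does not specify the signature scheme, so the hex HMAC-SHA256 over the raw body, the event `id` field, and every name below are assumptions; substitute the algorithm, header and event identifier given in the provider's webhook reference.

```python
import hashlib
import hmac
import json
import logging
import queue

log = logging.getLogger("webhooks")

# Assumptions (not from the provider's docs): the signature is the hex
# HMAC-SHA256 of the raw request body, and each event has a unique "id".
SECRET = b"constructed-example-secret"  # constructed value for the example

work_queue = queue.Queue()  # drained by a background worker
seen_event_ids = set()      # use a durable store with a TTL in production


def sign(raw_body: bytes, secret: bytes = SECRET) -> str:
    """Compute the signature the sender is assumed to attach."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body: bytes, signature, secret: bytes = SECRET) -> int:
    """Return the HTTP status code the endpoint should send back."""
    # Verify over the exact bytes received, before parsing, in constant time.
    expected = sign(raw_body, secret).encode()
    if not hmac.compare_digest(expected, (signature or "").encode()):
        log.warning("webhook rejected: bad or missing signature")
        return 401
    try:
        event = json.loads(raw_body)
        event_id = str(event["id"])
    except (ValueError, KeyError, TypeError):
        log.warning("webhook rejected: malformed payload")
        return 400
    # Idempotency: a redelivered event is acknowledged but not reprocessed.
    if event_id in seen_event_ids:
        log.info("webhook duplicate ignored: id=%s", event_id)
        return 200
    seen_event_ids.add(event_id)
    # Acknowledge quickly: hand the real work to the worker, then return 2xx.
    work_queue.put(event)
    log.info("webhook accepted: id=%s", event_id)
    return 200
```

Pass the handler the request body exactly as received; re-serializing parsed JSON before verification changes the bytes and makes valid signatures fail.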