NotificationsPerformance webhooksSecurity and authenticityBefore you beginStepsStep 1. Require HTTPSStep 2. Read required headersStep 3. Validate the signatureStep 4. Enforce a replay windowStep 5. Confirm seller authorizationStep 6. Persist and deduplicateStep 7. Acknowledge correctlyStep 8. Log and monitorStep 9. Rotate secretsStep 10. Test end to endReferenceNext stepsReference guideRelated