For most use cases, our standard approach for webhooks is sufficient, but if you have advanced security requirements, you can make use of our secure webhook feature.


SMS.to offers the ability to sign any webhook events it sends to your endpoints by including a signature in each event through the X-SMSto-Signature header.


This allows you to verify that the events were sent by SMS.to, not by a third party. You can verify signatures either using our official class \Intergo\SmsTo\Module\Webhook\Signature, or manually using your own solution. The webhook secret is retrieved from your account.


Keep in mind that a new webhook secret is generated for every new endpoint you provide, so each endpoint's events must be verified with that endpoint's own secret.


The detailed technical documentation for the feature is available here: SMS.to GitHub - Webhook-Signature


If you have any questions, please send an email to support@sms.to