For most use cases our standard approach for webhooks is sufficient but if you have advanced security requirements, you can make use of our secure webhook feature.
SMSto offers the ability to sign any webhook events it sends to your endpoints by including a signature in each event through the X-SMSto-Signature header.
This allows you to verify that the events were sent by SMSto, not by a third party. You can verify signatures either using our official class \Intergo\SmsTo\Module\Webhook\Signature, or manually using your own solution. The webhook secret is retrieved from your account.
Keep in mind that for every new endpoint provided a new webhook secret is generated.
The detailed technical documentation of the feature is documented here: SMSto GitHub - Webhook-Signature