1. IP Whitelisting
  2. Signature validation
With this method, you only allow certain IP addresses to access your webhook URL while blocking out others. Pila will only send webhooks from these IP addresses: 20.112.64.208 Events sent from Pila carry the x-pila-signature header. The value of this header is a HMAC SHA256 signature of the event payload signed using your secret key. Verifying the header signature should be done before processing the event:
Javascript
var crypto = require('crypto');
var secret = process.env.SECRET_KEY;

// Using Express
app.post("/webhookurl", function(req, res) {
    //validate event
    const hash = crypto.createHmac('sha256', secret).update(JSON.stringify(req.body)).digest('hex');

    if (hash == req.headers['x-pila-signature']) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event  
    }
    res.send(200);
});