replay-protection

A webhook endpoint is an internet-facing parser plus an authentication problem. I verify signatures, enforce recent timestamps, and store event IDs to block replay attempts. Reliability matters too, so handlers should be idempotent and fast to acknowl