Webhook endpoints can also be managed in the KeyStone Dashboard under Settings > Webhooks - no code required.
create
list / get / update / delete
test
rotate_secret
Previous secret stays valid for 24 hours.list_deliveries
verify_signature
Synchronous, local operation - no API call.Use
await request.body() (raw bytes) for signature verification, not await request.json(). Parsing can change whitespace and break the signature.