X-Signature header field. This field contains a base64-encoded RSA PKCS#1 v1.5 signature of the SHA-256 digest of the request body buffer.
You can obtain the public key for Webhook authentication from Webhook.public_key of the corresponding Webhook.
You can obtain the public key for success callback authentication from GET /public_key/.
Please note that CHIP is not responsible for any financial losses incurred as a result of failing to implement payload signature verification.