For security purposes, Facebook provides a payload signature of the payload of all webhook callbacks that we can use to verify the integrity and origin of the payload:
https://developers.facebook.com/docs/messenger-platform/webhook-reference#security
We are not performing this verification.
This should probably be done in the MessageQuickly::WebhooksController before processing the callback data
For security purposes, Facebook provides a payload signature of the payload of all webhook callbacks that we can use to verify the integrity and origin of the payload:
https://developers.facebook.com/docs/messenger-platform/webhook-reference#security
We are not performing this verification.
This should probably be done in the
MessageQuickly::WebhooksControllerbefore processing the callback data