Handling Webhook Security and Signature Verification in High-Traffic Shopline API Integrations
Hi everyone, I’m currently integrating Shopline Open API with a custom backend that processes high volumes of webhook events — especially order updates and inventory changes. While the webhook delivery itself is stable, I’m concerned about security and reliability when validating webhook signatures at scale (e.g., ensuring that events truly come from Shopline and rejecting replay or forged requests).
I’d love to hear from others who have implemented scalable webhook verification with Shopline. Specifically:
What is your approach to verifying webhook signatures securely without introducing latency?
Do you employ idempotency checks or replay protection, and if so, how are they implemented?
If you handle millions of events, how do you scale signature validation and logging without overwhelming your infrastructure?
Any code examples, architectural advice, or pitfalls to watch for would be greatly appreciated. Thanks in advance!
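
A sketch of the three checks the post asks about (signature, freshness window, idempotency), added here as an example; it is not part of the original post and not Shopline's documented scheme. It assumes the sender signs `timestamp + "." + raw body` with HMAC-SHA256 under a shared secret, sends the hex digest and timestamp alongside the request, and puts a unique `id` field in the JSON body; all of these names and the sample values are constructed.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for the signed timestamp


class ReplayCache:
    """In-memory seen-id store with expiry. Across several workers, use a shared
    store with an atomic set-if-absent plus TTL (e.g. Redis SET ... NX EX)."""

    def __init__(self, ttl=2 * MAX_SKEW_SECONDS):
        self.ttl = ttl
        self._seen = {}  # event id -> expiry time

    def first_time(self, event_id, now):
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]
        if event_id in self._seen:
            return False
        self._seen[event_id] = now + self.ttl
        return True


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    # Assumed signing string: "<timestamp>.<raw body bytes>"
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify_webhook(secret, body, signature, timestamp, cache, now=None):
    """Return 'accepted', 'bad_signature', 'stale', 'malformed' or 'duplicate'."""
    now = time.time() if now is None else now
    expected = sign(secret, timestamp, body)
    # Constant-time comparison over bytes; MAC the raw body before parsing it.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad_signature"
    try:
        sent_at = int(timestamp)
        event_id = json.loads(body)["id"]  # id is inside the signed body
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return "stale"
    # The timestamp is covered by the MAC, so a captured request cannot be
    # re-dated; the id cache rejects repeats inside the window and retries.
    if not cache.first_time(event_id, now):
        return "duplicate"
    return "accepted"
```

The verification itself is one HMAC over the body, so the per-request cost is dominated by the shared replay-cache lookup; heavy processing and logging can be deferred to a queue after the handler returns `accepted`.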