Basic information about Pley webhooks and their implementation.
Pley signs all requests sent to your endpoints with a HMAC SHA256 signature in accordance with https://github.com/standard-webhooks/standard-webhooks specification.
Feel free to use their pre-built client libraries to ease the implementation of verifying these signatures.
Cached Webhooks
Webhook calls to Pley are cached for 24 hours, meaning Pley does not call the endpont with the same parameter within 24 hours (including invalid responses). This means that if your server returns a bad response for a given user, it will take up to 24 hours before this user can authenticate again.
If you need your cache cleared during development, please reach out to Pley!