Verify signature
Validate incoming signature on the raw body bytes before processing to secure your endpoint. See Webhook signature verification.
Parse and validate payload
Convert the verified raw payload to JSON and check the event direction (
direction: "inbound" vs direction: "outbound").Deduplicate events
Use the
svix-id (or webhook-id) HTTP header as an idempotency key. Check your database/cache to ensure you have not processed this event ID before.Acknowledge quickly
Return a
200 OK response to Wazapin within 3 seconds to prevent delivery retries. Queue the event payload for asynchronous processing.