The developer is able to access the signature of WebHook Request
Let me give a brief on why I think this is a security issue
Consider a software solution integrated with RazorPay
- Customer of the software solution logs in to RazorPay sets up a webHook
- During the processing of the webHook, developer can access the signature after encoding
- This makes it so that the developer can manually send the WebHook Request which shouldn't be possible
The developer is able to access the signature of WebHook Request
Let me give a brief on why I think this is a security issue
Consider a software solution integrated with RazorPay