# Best Practices

#### 1. **Always Verify Signatures**

Never skip signature verification. This is your primary defense against fraudulent webhooks.

#### 2. **Use HTTPS Endpoints Only**

Paymento only sends webhooks to HTTPS URLs to ensure data security in transit.

#### 3. **Respond Quickly**

Your webhook endpoint should respond with a `200 OK` status code within 5 seconds. Do heavy processing asynchronously.

#### 4. **Handle Idempotency**

Webhooks might be delivered more than once. Use `event.id` to track processed events and avoid duplicate processing.

#### 5. **Log Everything**

Keep detailed logs of all webhook requests for debugging and auditing.

#### 6. **Test Your Endpoint**

Use the "Test Webhook" feature in the Paymento dashboard to verify your endpoint is working correctly before going live.

#### 7. **Use Environment Variables**

Never hardcode your secret key. Use environment variables or secure configuration management.

#### 8. **Handle Errors Gracefully**

Return the HTTP status code that matches the outcome, including when your endpoint fails:

* `200` - Successfully received and processed
* `401` - Invalid signature
* `500` - Internal server error (Paymento will retry)
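
The handler below ties practices 1, 3, 4, 7 and 8 together. It is an added example, not Paymento's own code. It assumes the signature is a hex HMAC-SHA256 of the raw request body and that the event id is the top-level `id` field of the JSON payload; the environment variable name `PAYMENTO_WEBHOOK_SECRET` is hypothetical.

```python
import hashlib
import hmac
import json
import os
import queue

# Assumptions (not from the Paymento docs): hex HMAC-SHA256 over the raw body,
# and the event id in the top-level "id" field of the JSON payload.
SECRET_ENV = "PAYMENTO_WEBHOOK_SECRET"  # hypothetical variable name

processed_ids = set()       # in production use a durable store (DB unique key)
work_queue = queue.Queue()  # heavy processing happens off the request path


def sign(raw_body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 of the exact bytes received."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body: bytes, signature: str) -> int:
    """Return the HTTP status code the endpoint should send back."""
    secret = os.environ.get(SECRET_ENV, "").encode()
    if not secret:
        return 500  # misconfigured: fail closed, never accept unverified data
    # Verify before parsing, over the raw bytes, with a constant-time compare.
    expected = sign(raw_body, secret).encode()
    supplied = (signature or "").strip().lower().encode()
    if not hmac.compare_digest(expected, supplied):
        return 401
    try:
        event = json.loads(raw_body)
        event_id = str(event["id"])
    except (ValueError, KeyError, TypeError):
        return 500  # could not process the payload
    if event_id in processed_ids:
        return 200  # duplicate delivery: acknowledge without reprocessing
    processed_ids.add(event_id)
    work_queue.put(event)  # a background worker does the slow part
    return 200
```

Pass the handler the request body exactly as received; re-serializing parsed JSON before verification changes the bytes and breaks the HMAC check.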


