Add docs for webhook security model and how creators should verify incoming requests

[Chucks1093]

Summary

Creators receiving webhook callbacks need to know how to confirm a request actually came from AccessLayer and was not forged by a third party. Without a verification mechanism documented, creators have no way to trust the payload.

Scope

• Document the webhook request signature scheme: which header carries the signature, what is signed (e.g. timestamp + body), and which algorithm is used
• Provide a step-by-step verification guide with a pseudocode example
• Explain the replay attack protection mechanism (e.g. timestamp window)
• Add a note on what to do if signature verification fails: return 400, do not process the payload

Acceptance Criteria

• Signature header and signing algorithm documented
• Step-by-step verification guide with pseudocode
• Replay protection mechanism explained
• Recommended response on verification failure stated

ETA: 12 hours

---

Coordinate on Telegram

[dhareymu]

@dhareymu has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi maintainer, abeg gimme this project 🙏🙏😭😭

ℹ️ Repo Maintainers: To accept this application, review their application or assign @dhareymu to this issue.

[graceshaba93]

@graceshaba93 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hello maintainer, I can fix this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @graceshaba93 to this issue.

[bheesty]

@bheesty has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi maintainer, i can fix this issue if you give me the opportunity to. Kindly assign

ℹ️ Repo Maintainers: To accept this application, review their application or assign @bheesty to this issue.

[Okorie2000-code]

@Okorie2000-code has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi maintainer, can I work on this?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Okorie2000-code to this issue.

[chiscookeke11]

@chiscookeke11 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi
let me take care of this ASAP

ℹ️ Repo Maintainers: To accept this application, review their application or assign @chiscookeke11 to this issue.

[drips-wave]

Congratulations, @chiscookeke11! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @chiscookeke11: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[grantfox-oss]

🦊 GrantFox — @chiscookeke11 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #554)
2. Your PR will be reviewed by the accesslayerorg maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@chiscookeke11's PR #566 was approved and merged by @Chucks1093.

🏆 @chiscookeke11: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (366 total points). Track your full progress on GrantFox.

👏 Great work, @chiscookeke11! Keep contributing to accesslayerorg.

[drips-wave]

This issue has been completed by @chiscookeke11 as part of the Stellar Wave Program's 6th Wave 🥳

😎 @chiscookeke11: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.