Webhook: add information on where to find the secret and how to use it

glaubinix · web-flow · commit a0b95acf7433 · 2020-05-06T16:42:08.000+01:00
diff --git a/README.md b/README.md
@@ -559,6 +559,9 @@ $client->customers()->magentoLegacyKeys()->remove($customerId, $publicKey);
 ```
 
 ### Validate incoming webhook payloads
+
+When you create or update a webhook in Private Packagist an optional secret can be set. This secret gets used to create a hash signature which is sent with each request in the headers as `Packagist-Signature`. The secret and signature can then be used on your server to validate that the reuqest was made by Private Packagist.
+
 ```php
 $request = /** any Psr7 request */;
 $secret = 'webhook-secret';
