When a webhook is configured, a unique signature key is generated and given in the webhook response. The value of this header is an HMAC-SHA256. This signature key is used to sign the webhook payloads, which are sent to your endpoint with the signature key name x-acquire-signature.
When you create a new webhook you have to allocate/add HMAC/Secret Key.
Verify Signature -
All outbound requests keep a hash authenticated header key using the standard SHA256 hash in the header x-acquire-signature. To verify the signature on your server generate a SHA256 hash and compare it with the hash sent in the Acquire header x-acquire-signature. You will need the HMAC/Secret Key that you provided in the webhook creation.