From c1d2831709a818739a22b787d9666928c0e37b04 Mon Sep 17 00:00:00 2001 From: Traci Porter Date: Thu, 30 Jan 2025 10:52:50 -0600 Subject: [PATCH] DEVDOCS-5811: [update] for webhook security (#751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # [DEVDOCS-5811] ## What changed? Updating the security information as the requirements for this ticket changed and never were updated in the docs ## Release notes draft bug Fix * ## Anything else? ping {names} [DEVDOCS-5811]: https://bigcommercecloud.atlassian.net/browse/DEVDOCS-5811?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- docs/integrations/webhooks/https-webhook-overview.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/integrations/webhooks/https-webhook-overview.mdx b/docs/integrations/webhooks/https-webhook-overview.mdx index 0e32266da..0a5061154 100644 --- a/docs/integrations/webhooks/https-webhook-overview.mdx +++ b/docs/integrations/webhooks/https-webhook-overview.mdx @@ -193,7 +193,8 @@ After the final retry attempt (cumulatively **48 hours** after the first deliver To ensure webhook callback requests are secure, BigCommerce takes the following precautions: -* Create webhook requests to accept an optional header object in every HTTP webhook, which you can use to authenticate callback requests. +* Create webhook requests to accept a header object in every HTTP webhook, which you can use to authenticate callback requests. +* We advise merchants to use libraries provided by [Standard Webhook](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries) to verify the legitimacy of the events. * A timestamp is used to protect against replay attacks. * We recommend validating the signature and timestamp before processing any webhook event.
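Review bot: In the first added bullet, dropping "optional" leaves it unclear whether the header object is now mandatory; "Create webhook requests to accept a header object in every HTTP webhook" reads the same whether or not a create request without headers is rejected. If the requirement changed, as the commit message says, state it outright (for example "a required header object") and keep the bullet parallel with the lead-in "BigCommerce takes the following precautions", since as written it is an instruction to the reader rather than a precaution. The second added bullet has the same mismatch: it is advice to merchants, not something BigCommerce does. It also names the project "Standard Webhook" while the linked repository is standard-webhooks, and it does not say what the libraries verify. The unchanged bullets mention a signature and a timestamp, but nothing in this section names the headers that carry them, so a reader cannot tell what to pass to the library. Consider moving the recommendation next to "We recommend validating the signature and timestamp before processing any webhook event" and adding one sentence that identifies those inputs.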