# 07 Webhooks

Webhook design goals:

- Multi-merchant event routing
- Idempotent processing
- Retry-safe handlers
- Event logging and replay support
- Signature verification (`X-Uber-Signature` HMAC SHA256 with client secret)

Current ingestion endpoint: `POST /api/v1/webhooks/uber`

Acknowledgement behavior:

- Valid webhook events are acknowledged with `200` and empty body
- Duplicate retries are de-duplicated and still acknowledged with `200`