This method verifies the received webhook notification if its coming from legitimate source otherwise reject it. For payload explanations for both request and response, click here 
using OneKhusa.SDK; 
using OneKhusa.SDK.Models.Merchants.Webhook; 

//code omitted for brevity 

OneKhusaResponse<VerifyWebhookResponse> response = await client 
    .Merchants 
    .Webhooks 
    .VerifyWebhookAsync(new VerifyWebhookRequest 
    { 
        MerchantAccountNumber = 12345678, 
        EventCode = "payrequest.success", 
        WebhookSignature = "2c26b46b68ffc68ff99b4..." 
    }); 
    
if (response is { IsSuccess: true, Data: not null }) 
{
    Console.WriteLine($""" 
        MerchantAccountNumber: {response.Data.MerchantAccountNumber};  
        IsSignatureValid: {response.Data.IsSignatureValid} 
    """); 
    Console.ReadLine(); 
    return; 
} 
//it means an error has occurred: RFC7807 compliant error object
Console.WriteLine($"""
        Type: {response.Error?.Type};
        Title: {response.Error?.Title};
        Detail: {response.Error?.Detail};
        ErrorCode: {response.Error?.ErrorCode};
        Status: {response.Error?.Status};
        Instance: {response.Error?.Instance};
        Errors: {string.Join(";", response.Error?.Errors ?? [])}
""");
Console.ReadLine();