The message we send by POST to the url webhook you registered

HMAC Signature

Decode and validate the signature 
$secret_key = env('ZUWINDA_WEBHOOK_KEY', 'Your webhook secret key');
$post_data = file_get_contents('php://input');
$json = json_decode($post_data);
$signature = hash_hmac('sha256', json_encode($json->data), $secret_key);
if ($request->header('X-Zuwinda-Signature') == $signature) {
    $data = $json->data;
    if ($data->event == "messaging.whatsapp.message.incoming") {
       Your logic here
    }
}