webhook callback security
I am working with a client to integrate Smartsheet with their other system through the use of API and REST services. One of the things that got me interested is the use of webhooks to monitor what is happening in Smartsheet and to follow our event-driven architecture. My concern is, if I read the documentation correctly, I do not see configuration to provide authentication type for the callbackURL. Does this mean, Smartsheet is posting data to the callbackURL without any authentication and juet let the application / endpoint receiving the callback to check the authenticity of the message based on the secret key?