To verify that a webhook you receive on your server was sent by Checkout.com, you need to validate incoming webhook signatures.
Webhooks sent by Checkout.com always include a Cko-Signature header. Verify the signature using your secret key to confirm that the webhook is authentic.