---
taskmaster_id: "4.6"
status: "done"
priority: "high"
depends_on: ["3"]
parent_id: "4"
source: "taskmaster"
generated_at: "2026-05-28T11:49:27.076Z"
---

# 4.6 - Specify webhook security and provider adapter contracts

- [x] 4.6 - Specify webhook security and provider adapter contracts #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-6 ⛔ tm-3

## Metadata

| Field | Value |
| --- | --- |
| Taskmaster ID | 4.6 |
| Status | done |
| Priority | high |
| Dependencies | 3 |
| Parent | 4 - Define backend security and refactor strategy from latest audit |

## Description

Define provider-neutral payment interface and signed webhook processing rules.

## Details

Document createPayInIntent, getPayInStatus, handleProviderWebhook, createHostedPaymentLink, createReleaseInstruction, createRefundInstruction, getPayoutStatus, searchProviderPayments, raw-body signature verification, replay prevention, delivery ID idempotency, duplicate/unknown event behavior, retry semantics, dead-letter/replay storage, and alert thresholds.

## Verification

Contracts cover SHKeeper legacy, Request Network, manual/admin wallet, invalid signatures, duplicate deliveries, and missed webhook reconciliation.