--- taskmaster_id: "4.6" status: "pending" priority: "high" depends_on: ["3"] parent_id: "4" source: "taskmaster" generated_at: "2026-05-24T07:15:25.199Z" --- # 4.6 - Specify webhook security and provider adapter contracts - [ ] 4.6 - Specify webhook security and provider adapter contracts #taskmaster #priority/high #status/pending ⏫ 🆔 tm-4-6 ⛔ tm-3 ## Metadata | Field | Value | | --- | --- | | Taskmaster ID | 4.6 | | Status | pending | | Priority | high | | Dependencies | 3 | | Parent | 4 - Define backend security and refactor strategy from latest audit | ## Description Define provider-neutral payment interface and signed webhook processing rules. ## Details Document createPayInIntent, getPayInStatus, handleProviderWebhook, createHostedPaymentLink, createReleaseInstruction, createRefundInstruction, getPayoutStatus, searchProviderPayments, raw-body signature verification, replay prevention, delivery ID idempotency, duplicate/unknown event behavior, retry semantics, dead-letter/replay storage, and alert thresholds. ## Verification Contracts cover SHKeeper legacy, Request Network, manual/admin wallet, invalid signatures, duplicate deliveries, and missed webhook reconciliation.