Verify a Webhook if from GoCoin with a unique signature
To prevent vulnerability to an attacker sending a falsified webhook
1. Create a secret key, and store it in you database or application's environment.
2. Choose several fields you will use every time you create an invoice, ie. customer_name, customer_email, base_price, and base_price currency.
3. On Invoice::Create, before you send the request, hash the values to be sent in those fields with the secret key you stored.
4. Store the resulting value in the `"user_defined_8"` (any of the user_defined fields will work) or `"data"` field in the invoice.
5. When you receive a webhook, it contains the full invoice object. Hash the same fields together with the secret key from the database, and compare it to the value in the field you used for your signature.