#Kamon-webhook-verification


tranquil sandal BOT
glad raft
#

Hi there

#

As long as you are verifying the signature then your endpoint will be secure

#

That will guarantee that the Event was sent from Stripe


wintry sinew
#

That's good to know!

I read all of that, but in the verify section it mentioned "Additionally, Stripe sends webhook events from a set list of IP addresses. Only trust events coming from these IP addresses."

#

Just wanted to check if doing so was necessary if we're verifying signatures.

glad raft
#

Yep that's correct. You shouldn't need to check that but it can be an easy way to debug if someone else is trying to hit your endpoint

#

Up to you if you want to block all other IPs for that endpoint

wintry sinew
#

Okay, that's great to know, thank you!

Are there any other best practices or things you'd suggest doing that aren't listed in the best practices doc?

glad raft
#

Not really, no!

#

If you are doing that stuff then you are well on your way

wintry sinew
#

Fantastic, thank you!

One last thing, is the livemode property on the event object only present for connected account webhook events? Is there anything similar for non-Connect account webhook events for test mode events?

glad raft
#

Yep only present for Connect webhooks

#

For direct endpoints you will never receive a testmode event to a live mode endpoint or vice-versa

#

This is a quirk of Connect webhooks

wintry sinew
#

So, basically, if the livemode and the account properties on an event object are present, then it's always a Connect event?

What's the way to differentiate between setting a test mode endpoint and a live mode endpoint? I'm not seeing a way when adding an endpoint to the webhook dashboard or the CLI.

glad raft
#

When you are in the Dashboard if you are in testmode then you will create a testmode endpoint

#

You flip between live/test in the top right of your Dashboard