My question is regarding the signature key to authenticate the request. It's difficult to test since there's not a sandbox for partners. If the webhook creation is occurring via API using the access tokens, will the signature key be our partner signature key instead of the merchant's signature key?
If not (the signature key is the merchant's signature key), is there any signature key sharing mechanism for our clients (the merchant) to share the key with us? I'm not sure it's going to go over too well to ask for them to email us their key, and I don't believe that to be a great way to share it. I know there are programs for such; however, the technical compentency of the merchant account adminstrator varies greatly. I'm just hoping someone might be able to give me insight on a frictionless process.