Builds the verify-webhook-signature request body, or undefined when it
cannot be verified at all (missing headers / empty body / no webhook id) —
callers must answer false without a network call in that case.
The raw body is spliced in VERBATIM as the webhook_event value: PayPal
verifies the exact delivered bytes, and parsing + re-stringifying (different
key order / whitespace) makes verification fail. Hence string concatenation
instead of JSON.stringify over a parsed object.
Builds the verify-webhook-signature request body, or undefined when it cannot be verified at all (missing headers / empty body / no webhook id) — callers must answer
falsewithout a network call in that case.The raw body is spliced in VERBATIM as the
webhook_eventvalue: PayPal verifies the exact delivered bytes, and parsing + re-stringifying (different key order / whitespace) makes verification fail. Hence string concatenation instead of JSON.stringify over a parsed object.