This approach is largely based on the webhook signing approach used by Plaid. See their docs for context: https://plaid.com/docs/api/webhooks/webhook-verification/.
It's a simple approach that works using JWTs.
Assume a generated key pair.
import axios from 'axios';