Webhook verification is optional, but highly recommended. Upon verification success, the verify function will return the payload. You can get the signature from the X-Vartiq-Signature header. If you provided your own signature header name, you can use that instead. 
const verifiedPayload = vartiq.verify(payload, signature, webhookSecret);

Manual Verification

You can also manually verify the webhook by computing the HMAC signature yourself. 
const signature = crypto.createHmac("sha256", webhookSecret).update(payload).digest("hex");