Every time a new message is received or there is a new status of a message, the server receives a notification in the endpoint confrigured in the Webhook. To be sure the request comes from WhatsApp Cloud API Servers, the request contains a header with a signature, you can configure the WhatsApp client to verify the signatures before process the message.
To do this, first you need to set the Application Secret in the property ServerOptions.Application.Secret and enable VerifySignature property.
Once configured, every time a new message is received, first the signature is verified, and if it's wrong, returns an error 500 and the message is not processed.