Confirming that a webhook really came from Stripe and wasn't faked by someone else. Your code recomputes a hash using your signing secret and checks it against the one Stripe attached to the request.