The doc says:

To ensure that your server only processes webhook deliveries that were sent by your Memos install and to ensure that the delivery was not tampered with, you should validate the webhook signature before processing the delivery further.

But there is no documentation describing how the signature was done or how should one verify the signature. Also I checked memos source code it seems like there is no signature. Is the doc wrong or am I looking in the wrong place?