Are there any ways to validate that PlayFab webhook calls from the Analytics Webhooks definitions are actually from PlayFab? I don't see any sort of keys or preshared secrets or anything.
I get a little worried that someone could figure out the URL and send something over that looked like it was from PlayFab. Not hugely concerned, but it does mean I have to be careful about designing my webhook handlers.