Collapse retries at ingestion
identifier dedup keys on the webhook-id header (then a provider event id), so most provider retries never become a second event. It’s load reduction, not a guarantee — the next two layers cover the rest.Deliver only what you verified
--require-verified forwards only events whose source was authenticated (the verified and authenticated states); an unattempted event is dropped by the filter, and a failed one is blocked outright. Your receiver can trust that a signed delivery is genuine.