Security Aspect of WebHook

[Seng Zhe Yep]

Hi,

I am very interested to implement WebHook for my current task, however the only problem I am face with is that the backend processing of the recipient is basically exposed to the web .  How do you secure the invocation is by the correct source and not abused by hackers ? 

I thought of a way to do this but I would like to hear you guys' discussion:

 when application register to listen to a specific API , a token is given by the application to the API . When event happened , the token is passed by to the application. 

Or do you guys have a better idea to implement in a better and standardised way ? I would like to hear how do you guys solve this problem.

Thanks,

Seng Zhe