Verifying RecurrentApplicaitonCharge return URL call

6 0 1

Dear community, 

I'm setting up my first App and are working on the billing part of it. I plan to use the RecurrentApplicationCharge option for creating a monthly charge - and that all works. 

However, I am not sure how to verify/authenticate the call that Shopify makes to my App (the "return_url") after the user has accepted the App charge. The request made by Shopify to my App contains no hmac parameter nor a X-Shopify-Hmac-Sha256 header. 

All other requests made by Shopify to my App contain some form of verification/authentication mechanism. 

How do I verify the request made by Shopify to the specified return URL?

Thank you for the help.