Webhook validation using app token

New Member
1 0 0


We have created an app for stores, and will be using webhooks.  I have previously registered for webhooks via the GUI, and API, and have validated the HMACs successfully.   Currently, I am registering the webhooks using the app token in the header, but am not sure what secret I should be using to validate the webhook once it arrives.  When you go through the GUI, you are given a secret on the bottom of the page.  When you create a private app, you are given a shared_secret.  When the app is installed, all I am getting is a token, so I am not sure what to use to validate the webhook. 

Thank you