Delivery status callbacks (HMAC-SHA256 signed)
Deliveries are POSTs with X-Webhook-Event and X-Webhook-Signature: sha256=<HMAC of body> headers, signed with the webhook's secret.
X-Webhook-Event
X-Webhook-Signature: sha256=<HMAC of body>