The webhook secret is stored, and there is an endpoint which receives webhooks. The webhook endpoint needs to validate against the secret. But past that, what can we do with webhooks?
