Hello!
I would like to check the validity of the POST call that we will receive on the Production Server URL, before actually verifying the signature and decoding the payload.
But I can't find anywhere in the documentation a way to check that those calls are in fact from Apple. Are there any particular headers we should check for, or any IPs that should be whitelisted?
Thanks in advance!