With the changes it’s still validating just the test webhooks? Also recently we discovered an issue with the keys. The team recommends that apps use the raw bytes from the request rather than converting the object representation in your language back to bytes for signature validation. 