...
Extract the request body as string.
Extract timestamp from the Signature header.
Concatenate timestamp and request body - use dot as separator:
<timestamp>.<requestBody>.<timestamp>Use HMAC-SHA256 algorithm to compute the hexadecimal hash of string created in previous step. Use your hook secret as a HMAC key.
...