example.com
and www.example.com
you must whitelist both domains. Wildcards are not accepted.verificationToken
parameter in the JSON
request body. You should store this token in your server-side application (not in a public repo!) and verify it prior to accepting any server-to-server requests from Mason.