Authentication of Webhook Notification and Encrypt the payload?

I am developing Salesforce and Zoom Integration. Create a webhook listener class of Salesforce to receive the message from Webhook.

  1. Does webhook payload need to be authenticated? It looks like no. I open the message and can see every thing. So in Salesforce side, the doPost Rest API method does not need to authenticate. And can get the payload string easily. How do we do for the security of the payload?

  2. The payload string is not encrypted. It is plain text. Is it possible encrypted and then Salesforce listener class to decrypt it?

Can you please answer above questions?