Endpoint privado. Autenticação obrigatória via header X-Goat-Auth.
X-Goat-Auth
Webhook receiver: POST /webhook
POST /webhook
Proxy endpoints: /orders, /payments, /products
/orders
/payments
/products