Theoretically you only should receive the traffic you expect if you’ve only added this to a place like Sendinblue webhook configurations. In general it is a best practice to validate that the data you’re processing match the expected shape. I’d do it the opposite way and check for the presence of properties in the HTTP payload that you know come from Sendinblue webhooks.
I remember we also discussed a way to only emit events when you received a request from the Sendinblue IP range, which is their recommended way to validate the event originates from them: Question about Pipedream - considering using Pipedream - #4 by dylburger .