Provide a query parameter on top of the webhook URI, like this: https://your-endpoint.com?sig=Guid. With each notification, check that the query parameter sig has the expected value Guid.
• Create a GUID using Powershell using below command :
• Register the GUID in the partner center.
• Add the GUID to the Resource Manager Template
Reference : https://docs.microsoft.com/en-us/azure/marketplace/azure-partner-customer-usage-attribution
Second, how do I grant permission for my service to perform the GET operation on the managed application instance? Is there a way I can grant a role to a principal ID to the managed application instance itself during deployment? I know I can grant authorization to the managed resource group, but how can I grant a role to the managed application instance?
If you register you managed application in the Azure AD, then no additional permissions is required. You will be performing the GET operation in the same way as POST operation.
Reference : https://docs.microsoft.com/en-us/azure/marketplace/azure-app-apis