Which API key is used to sign the payload for is used to authenticate a Sendbird web-hooks "x-sendbird-signature"?

Sendbird has multiple API tokens available in the Sendbird Dashboard → Settings → General → API tokens. There is one Master API token that is masked and there is a tool in the Dashboard to create Sub API Token.

Only the master API token. Therefore, take steps to mask and protect it for production services. If at any point your master API token is compromised, please contact Sendbird urgently via dashboard (Dashboard | Sendbird)