Created
June 29, 2023 09:09
-
-
Save danilopolani/7add9e723636e4c9f3fdd06b8c945cc6 to your computer and use it in GitHub Desktop.
Zendesk webhook signature validation with Laravel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // $request comes from your Controller method, but you can adjust with whatever framework you use | |
| $signature = $request->header(ZendeskSupport::WEBHOOK_SIGNATURE_HEADER), | |
| $timestamp = $request->header(ZendeskSupport::WEBHOOK_SIGNATURE_TIMESTAMP_HEADER), | |
| $rawBody = $request->getContent(); | |
| $computedSignature = base64_encode(hash_hmac( | |
| 'sha256', | |
| $timestamp . $rawBody, | |
| 'my_secret_key', | |
| true // <--- Important: retrieve it in binary format, not lowercase hexits! | |
| )); | |
| if ($computedSignature !== $signature) { | |
| throw new \Exception('signature mismatching'); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment