Created
May 27, 2021 19:58
-
-
Save fhferreira/0f1ed167ba38089c2e6a4b35ec357315 to your computer and use it in GitHub Desktop.
Verify signature webhook - hash_hmac sha256
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $webhook = fopen('php://input', 'rb'); | |
| $webhook_content = ""; | |
| while (!feof($webhook)) { | |
| $webhook_content .= fread($webhook, 4096); | |
| } | |
| fclose($webhook); | |
| $webhook_data = json_decode($webhook_content, true); | |
| $signature = $webhook_data["signature"]; | |
| unset($webhook_data["signature"]); | |
| $object = MODEL::where('id', 'x')->first(); | |
| //Chave privada interna da api que envia o webhook | |
| $private_key = $object ? $object->private_key : null; | |
| //conecta todos os items do post body via implode | |
| $to_hash = implode("#", $webhook_data); | |
| $my_hash = hash_hmac("sha256", $to_hash, $private_key); | |
| if($my_hash === $signature) { | |
| //DO THE ACTION | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment