Signature
When receiving a webhook from our API, we strongly recommend verifying the signature to ensure its authenticity. Each webhook includes a signature encrypted with your API key that corresponds to the webhook's content.
Here's an example of how to verify the webhook's authenticity:
<?php
function isValidSignature(string $apiKey, string $json): bool
{
// Calculate signature HMAC with the body of the request (JSON format) and your api_key and
$calculatedSignature = hash_hmac('sha256', $json, $apiKey);
// Get signature from the header
$receivedSignature = $_SERVER['HTTP_X_SIGNATURE'];
// Compare signatures
return hash_equals($calculatedSignature, $receivedSignature);
}
Modified at a month ago