Verify hub.secret using PHP

I am trying to work with the hub.secret. I send my secret but am unsure how to validate the hash as it comes back.

I successfully grab the X-Hub-Signature but from there not a clue how to compare it to my secret code.

I haven’t touched PHP in a while, but it should look roughly like this:

// If the request is a POST request then we're getting a real webhook callback.
    // Default to not verified state.
    $isVerified = FALSE;
    // Get the signature from the headers
    // Only test if there's possibly a signature
    if(!empty($sig)) {
        // Read the raw POST data
        $data = file_get_contents("php://input");
        // Calculate a hash and prepend the algorithm to match the signature
        $hash = 'sha256=' . hash_hmac('sha256', $data, $mySecret);
        // Compare the calculated and signature hash strings
        $isVerified = $hash === $sig;
    // ... Go on forth!

Thank you for this. I’ll give it a try and report back.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.