PHP:
<?php
// Message validation using Webhook Standards library
require_once __DIR__ . '/../src/addons/BHWMP2/Portal/_libs/standard-webhooks/init.php';
$webhookSecret = 'your-secret-key-here';
$webhookPayload = file_get_contents('php://input');
$webhookHeaders = [
// Unique ID for the event that triggered the webhook, which remains the same when webhook is retried
'webhook-id' => $_SERVER['HTTP_WEBHOOK_ID'] ?? null,
// Unix timestamp of when the webhook request was sent (does not represent the time the event occurred)
'webhook-timestamp' => $_SERVER['HTTP_WEBHOOK_TIMESTAMP'] ?? null,
// Webhook signature generated using the secret key
'webhook-signature' => $_SERVER['HTTP_WEBHOOK_SIGNATURE'] ?? null,
];
$wh = new \StandardWebhooks\Webhook($webhookSecret);
try
{
$data = $wh->verify($webhookPayload, $webhookHeaders);
}
catch (\StandardWebhooks\Exception\WebhookVerificationException $e)
{
throw new \RuntimeException('Webhook signature is invalid - ' . $e->getMessage());
}
// $data is the full payload sent to the webhook and it has not been tampered with