Gava checkout lookup in Wordpress

gava.php

<?php

//Plugin's full code at https://github.com/ihatehandles/gava-for-woocommerce

class WC_Gava extends WC_Payment_Gateway {

	/**
	 * Fetches checkout with given hash.
	 * A return of false generally means the checkout is not valid to us
	 * Will exit with error for the other scenarios
	 *
	 * @param string $hash Checkout hash
	 * return object|false
	 */
	function fetchCheckout($hash)
	{
		//Get checkout, confirm sig
		$endpoint = rtrim($this->checkoutUrl, '/') . '/checkout/details/' . $hash;

		$response = wp_remote_get($endpoint);

		if (is_wp_error($response)) {
			return false;
		}

		$responseCode = wp_remote_retrieve_response_code($response);

		if ($responseCode !== 200) {
			$this->callbackError('Non-200 status during checkout fetch');
		}

		$checkout = json_decode(wp_remote_retrieve_body($response));

		if (!$checkout) return false;

		$expectedProperties = array(
			'checkoutId',
			'checkoutHash',
			'reference',
			'paid',
			'amount',
			'phone',
			'transactionCode',
			'paymentMethod',
			'note',
			'signature'
		);

		foreach ($expectedProperties as $property) {

			if (!property_exists($checkout, $property)) return false;

		}

		if (!$this->validateSignature($checkout)) return false;

		return $checkout;
	}

	/**
	 * Given an iterable $payload, it authenticates its signature property
	 *
	 * @param 	mixed $payload Object or array
	 * @return 	mixed
	 */
	function validateSignature($request)
	{
		$string = '';

		foreach ($request as $key => $value) {
			if ($key === 'signature') continue;

			$string .= $value;
		}

		$signature = hash('sha512', $string . $this->secretKey);
		return ($signature === $request->signature);
	}