Last active
November 9, 2015 03:26
-
-
Save nikmolnar/1385d8796416996fd161 to your computer and use it in GitHub Desktop.
Example PHP code for handling a webhook callback from Data Basin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$SECRET_KEY = "<secret key here>"; | |
function base64url_encode($data) { | |
return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); | |
} | |
function is_valid($secret, $value, $salt, $signature) { | |
$verify = base64url_encode(hash_hmac("sha1", $value, sha1($salt . $secret, true), true)); | |
return $signature === $verify; | |
} | |
if (array_key_exists("HTTP_X_WEBHOOK_SIGNATURE", $_SERVER)) { | |
$body = file_get_contents("php://input"); | |
$raw_signature = $_SERVER['HTTP_X_WEBHOOK_SIGNATURE']; | |
list($salt, $signature) = explode(":", $raw_signature, 2); | |
// Verify the request body against the signature/salt combination. | |
if (!is_valid($SECRET_KEY, $body, $salt, $signature)) { | |
die("Invalid signature!"); | |
} | |
// We've confirmed that the request really is from Data Basin | |
$payload = json_decode($body); | |
echo($payload->event); | |
} | |
else { | |
die("No signature!"); | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment