<?php
define('SECRET', 'private-key');
$payload = [
"id" => 1,
"username" => "test@example.com",
"created_at" => "2018-10-11 13:30:29",
"updated_at" => "2018-10-17 11:17:14"
];
echo verifySignature(SECRET, 'https://example.com/webhook', $payload, 1517949000);
function verifySignature(string $secret, string $webhookUrl, array $payload, int $timestamp): string
{
$jsonPayload = json_encode($payload);
$stringToSign = "NORDWL-HMAC-SHA256\n";
$stringToSign .= sprintf("Timestamp %d\n", $timestamp);
$stringToSign .= hash('sha256', $jsonPayload);
$timestampKey = hash_hmac('sha256', $timestamp, 'NORDWL' . $secret, true);
$signingKey = hash_hmac('sha256', $webhookUrl, $timestampKey, true);
return hash_hmac('sha256', $stringToSign, $signingKey);
}
preferences:
52.53 ms | 402 KiB | 5 Q