3v4l.org

run code in 300+ PHP versions simultaneously
<?php

// key which will sign the data
$key = hash('sha256', 'Unique user data or Some secret');

// the data
$array = [
    'foobar' => 'baz'
];

// encode the payload
$json = json_encode($array);

// sign it with key
$token = hash_hmac('sha256', $json, $key);

// set response header
//header('X-Checksum: '.$token);
//echo $json;

## This is how the receiver would verify the received data.

// faked: this would be populated by the request/response
// (on a real request PHP exposes this header as $_SERVER['HTTP_X_CHECKSUM'])
$_POST['json'] = $json;
$_SERVER['X-Checksum'] = $token;

// verify the data matches token by signing the data with the key
$check = hash_hmac('sha256', $_POST['json'], $key);

// compare the locally computed HMAC against the received checksum
// (hash_equals is constant-time; known value first, received value second)
if (hash_equals($check, $_SERVER['X-Checksum'])) {
    echo 'Verified';
} else {
    echo 'Tampered';
}

// example tampered data
$_POST['json'] = 'tampered'.$json;

$check = hash_hmac('sha256', $_POST['json'], $key);

if (hash_equals($check, $_SERVER['X-Checksum'])) {
    echo 'Verified';
} else {
    echo 'Tampered';
}
