Payments
  • Welcome
  • One time payment
    • OneBip
    • PayPal Legacy
    • PayPal
    • Stripe
    • Paymentwall
    • Mollie
  • Subscription payment
    • PayPal
  • Webhook
    • Payment Payload
    • Subscription Status Paypload
    • Validating webhook
  • Payment Entities
    • Base
    • User
    • Package
    • Subscription
    • InvoiceNinja
    • FactuurSturen
Powered by GitBook
On this page

Was this helpful?

  1. Webhook

Validating webhook

Every request we are sending to you has a X-Signature header, you can use this header to validate the payload.

You can validate the payload by using the PHP hash_hmac function. The payload variable must be the raw body (the json encoded body). And the project secret is the secret you can find at your project on the payment platform.

hash_hmac('sha256', $payload, 'projectSecret')

The output of the hash_hmac function must be the same as the X-Signature header, if it is the same, the request is coming from us, and is signed with your project secret key.

Note: An attacker can do repeat attacks, please handle this from your end, by marking the payment as "completed" on your end. It might happen that the same identifier/transactionId is passed with another status, like chargeback.

PreviousSubscription Status PayploadNextBase

Last updated 4 years ago

Was this helpful?