X-Hub-Signature tools for PHP

X-Hub-Signature is a compact way to validate webhooks from Facebook, GitHub, or any other source that uses this signature scheme.

Care has been taken to avoid security issues, including timing attacks.

Getting Started

To install:

composer require compwright/x-hub-signature

Usage

Sign a buffer containing a request body:

<?php

use Compwright\XHubSignature;
use InvalidArgumentException;

$signer = new XHubSignature\Sha256();

// Generate the signature header for an outbound webhook, i.e.
//
//   X-Hub-Signature-256: sha256=...
//
$headerName = $signer->getHeaderName();
$headerValue = $signer->sign($requestBody, $secret);
$signatureHeader = $headerName . ': ' . $headerValue;

// Verify an inbound webhook
$isValid = $signer->verify($signatureHeaderValue, $requestBody, $secret);
if ($isValid === false) {
    throw new InvalidArgumentException('Bad Request');
}

License

MIT License

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github		.github
src		src
tests		tests
.gitignore		.gitignore
.php-cs-fixer.php		.php-cs-fixer.php
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
composer.json		composer.json
composer.lock		composer.lock
phpstan.neon		phpstan.neon

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Repository files navigation

X-Hub-Signature tools for PHP

Getting Started

Usage

License

About

Uh oh!

Releases 1

Sponsor this project

Uh oh!

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

Uh oh!

License

compwright/x-hub-signature-php

Folders and files

Latest commit

History

Repository files navigation

X-Hub-Signature tools for PHP

Getting Started

Usage

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 1

Sponsor this project

Uh oh!

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages