https://github.com/compwright/x-hub-signature-php

https://github.com/compwright/x-hub-signature-php

webhook x-hub-signature

Last synced: 3 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/compwright/x-hub-signature-php
• Owner: compwright
• License: mit
• Created: 2024-04-09T18:56:05.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-04-10T01:11:49.000Z (over 1 year ago)
• Last Synced: 2025-06-19T13:07:55.435Z (6 months ago)
• Topics: webhook, x-hub-signature
• Language: PHP
• Homepage: https://packagist.org/packages/compwright/x-hub-signature
• Size: 25.4 KB
• Stars: 1
• Watchers: 2
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          
# X-Hub-Signature tools for PHP

[![Sponsor on GitHub](https://img.shields.io/static/v1?label=Sponsor&message=❤&logo=GitHub&link=https://github.com/sponsors/compwright)](https://github.com/sponsors/compwright)

X-Hub-Signature is a compact way to validate webhooks from [Facebook](https://developers.facebook.com/docs/graph-api/webhooks/), [GitHub](https://developer.github.com/webhooks/securing/), or any other source that uses this signature scheme.

Care has been taken to avoid security issues, including timing attacks.

## Getting Started

To install:

```shell

composer require compwright/x-hub-signature

```

## Usage

Sign a buffer containing a request body:

```php

getHeaderName();

$headerValue = $signer->sign($requestBody, $secret);

$signatureHeader = $headerName . ': ' . $headerValue;

// Verify an inbound webhook

$isValid = $signer->verify($signatureHeaderValue, $requestBody, $secret);

if ($isValid === false) {

    throw new InvalidArgumentException('Bad Request');

}

```

## License

MIT License