You can test a webhook URL with your current active API credentials under Authified Dashboard Settings Merchant API Webhook URL or here.
To prevent un-authorized access, Authified system will automatically generate Signature with your current active Api-Secret and will send along with the post back as headers.
Client code should also be prepared to prevent un-authorized access/post backs. Code should be able to generate Signature (see authentication) with your current active Api-Secret as password. Signature should be compare with header received along with post back request. You can use response for further integration only if, both signatures matched successfully. Otherwise un-authorized post back should be prevented.
Api-Key along with the post back request as header.
<?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?><?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?><?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?><?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?><?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?><?php
header("Content-Type:application/json");
try {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$headers = getallheaders();
$data = json_decode(file_get_contents("php://input"), true);
if (!empty($headers["Signature"]) && !empty($headers["Api-Key"])) {
if (!empty($data)) {
$Signature = $headers["Signature"];
$Api_Key = $headers["Api-Key"];
$Api_Secret = "YOUR-API-SECRET-HERE";
$Signature_2 = base64_encode(hash_hmac("sha256", http_build_query($data), $Api_Secret, true));
if (md5($Signature) === md5($Signature_2)) {
echo json_encode([
"http_code" => 200,
"description" => "WEBHOOK_UPDATED_SUCCESSFULLY",
], JSON_PRETTY_PRINT);
} else {
echo json_encode([
"http_code" => 403,
"description" => "FORBIDDEN_SIGNATURE_MISMATCHED",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_DATA",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 400,
"description" => "MISSING_HEADERS",
], JSON_PRETTY_PRINT);
}
} else {
echo json_encode([
"http_code" => 405,
"description" => "METHOD_NOT_ALLOWED",
], JSON_PRETTY_PRINT);
}
} catch (\Exception $e) {
echo json_encode([
"http_code" => 500,
"description" => "INTERNAL_ERROR",
"message" => $e->getMessage() . " at " . $e->getLine()
], JSON_PRETTY_PRINT);
}
?>