I need to set up a PHP page to receive Webhooks - in the past I have done a lot of them, so this is not a problem, but the API I'm working with for this project requires my web host to verify the signature in the header.
As part of the confirmation request, he will send the following:
HEADER:
"x-xero-signature" : HASH_VALUE
PAYLOAD:
{
"events": [],
"lastEventSequence": 0,
"firstEventSequence": 0,
"entropy": "S0m3r4N0m3t3xt"
}
I created a Webhook key (for example, "ABC123"), and as part of the verification request for this Webhook I have to make sure that the payload that hashes using HMACSHA256 with your webhook key and base64 must match the signature in the header. This is a properly signed payload. If the signature does not match the hashed payload, this is an incorrectly signed payload.
, URL : 200 Ok : 401 .
, - :
https://developer.xero.com/documentation/getting-started/webhooks