I’m working on a Patreon integration for Auroras.live and needed to verify the hash that is sent with the headers by Patreon. I’m using Laravel, but this can easily be tweaked to fit whatever:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // This example can be copied and pasted into Laravel. | |
| // If you're not using Laravel, change the $request related stuff into PHP's native stuff (e.g. file_get_contents("php:///input") etc.) | |
| function verifyPatreonHash(Request $request) { | |
| $patreonBody = $request->getContent(); // This is the raw **body** of the request, which will be JSON (but don't json_decode it!) | |
| $patreonSignature = $request->header('X-Patreon-Signature'); // And this is the header from Patreon | |
| $webhookSecret = "Patreon Webhook Secret Here"; // This'll be the secret Patreon gave you when you created the webhook | |
| $webhookHash = hash_hmac('md5', $patreonBody, $webhookSecret); // This is the hash we've calculated, based on the body and the secret | |
| if(strtolower($webhookHash) == strtolower($patreonSignature)) { | |
| return true; // Verification succeeded | |
| } else { | |
| return false; // Verification failed | |
| } | |
| } |