<?php
declare(strict_types=1);
namespace Rapttor\WhopSdk\Resources;
use Rapttor\WhopSdk\Http\Page;
/**
* Webhooks resource.
*
* @see https://docs.whop.com/api-reference/webhooks
*/
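final class Webhooks extends AbstractResource
{
    /**
     * List the webhooks registered for a company.
     *
     * `company_id` is taken out of $params and placed in the URL path; the
     * remaining keys are forwarded as the query string.
     *
     * @param array{company_id: string, per_page?: int, after?: string} $params
     * @return Page<array<string, mixed>>
     */
    public function list(array $params = []): Page
    {
        $companyId = $this->requireParam($params, 'company_id');
        $query = $this->stripParams($params, ['company_id']);
        // Encode the ID so that '/', '?', '#' or '%' in a caller-supplied value
        // cannot change which endpoint is requested.
        $company = rawurlencode((string) $companyId);
        $response = $this->client->get("/v5/company/{$company}/webhooks", $query);

        return $this->buildPage($response, $params);
    }

    /**
     * Fetch a single webhook by ID.
     *
     * Both IDs are percent-encoded before being placed in the path.
     * NOTE(review): rawurlencode() leaves '.' and '..' untouched; if IDs can
     * come from untrusted input, validate their format before calling.
     *
     * @return array<string, mixed>
     */
    public function retrieve(string $webhookId, string $companyId): array
    {
        $company = rawurlencode($companyId);
        $webhook = rawurlencode($webhookId);

        return $this->client->get("/v5/company/{$company}/webhooks/{$webhook}");
    }

    /**
     * Register a new webhook for a company.
     *
     * @param array<string, mixed> $body Request body, passed to the client unchanged.
     * @return array<string, mixed>
     */
    public function create(string $companyId, array $body): array
    {
        $company = rawurlencode($companyId);

        return $this->client->post("/v5/company/{$company}/webhooks", $body);
    }

    /**
     * Update an existing webhook.
     *
     * @param array<string, mixed> $body Request body, passed to the client unchanged.
     * @return array<string, mixed>
     */
    public function update(string $webhookId, string $companyId, array $body): array
    {
        $company = rawurlencode($companyId);
        $webhook = rawurlencode($webhookId);

        return $this->client->patch("/v5/company/{$company}/webhooks/{$webhook}", $body);
    }

    /**
     * Delete a webhook.
     *
     * @return array<string, mixed>
     */
    public function delete(string $webhookId, string $companyId): array
    {
        $company = rawurlencode($companyId);
        $webhook = rawurlencode($webhookId);

        return $this->client->delete("/v5/company/{$company}/webhooks/{$webhook}");
    }

    // ── Signature verification ─────────────────────────────────────────────────

    /**
     * Verify the HMAC-SHA256 signature on an incoming webhook request.
     *
     * The expected value is the lowercase hex HMAC-SHA256 of the raw body keyed
     * with the secret, compared in constant time with hash_equals(). An empty
     * secret or an empty signature is always rejected: an HMAC keyed with ''
     * can be computed by anyone, so a missing configuration value must fail
     * closed instead of accepting forged requests.
     *
     * This check authenticates the body only. It does not look at a timestamp
     * or event ID, so a captured request would verify again if replayed;
     * callers that need replay protection should de-duplicate on an event
     * identifier or enforce a freshness window themselves.
     * NOTE(review): the header layout (plain hex, optional "sha256=" prefix) is
     * assumed here; confirm it against the provider's current webhook docs.
     *
     * Usage in a controller:
     * ```php
     * $payload = file_get_contents('php://input');
     * $signature = $_SERVER['HTTP_X_WHOP_SIGNATURE'] ?? '';
     * $secret = $_ENV['WHOP_WEBHOOK_SECRET'] ?? ''; // unset secret => rejected
     *
     * if (!Webhooks::verifySignature($payload, $signature, $secret)) {
     *     http_response_code(401);
     *     exit;
     * }
     * ```
     *
     * @param string $payload Raw request body (do NOT json_decode first).
     * @param string $signature Value of the `X-Whop-Signature` header.
     * @param string $secret Your webhook secret from the Whop dashboard.
     * @return bool True only when the secret is non-empty and the signature matches.
     */
    public static function verifySignature(string $payload, string $signature, string $secret): bool
    {
        // Fail closed on missing configuration or a missing header.
        if ($secret === '' || $signature === '') {
            return false;
        }

        // Strip an optional "sha256=" prefix that some platforms prepend
        $sig = str_starts_with($signature, 'sha256=') ? substr($signature, 7) : $signature;
        $expected = hash_hmac('sha256', $payload, $secret);

        // hash_equals() takes the known-good value first and compares in constant time.
        return hash_equals($expected, $sig);
    }
}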