Instagram how to check X-Hub-Signature in php

Question

Instagram how to check X-Hub-Signature in php

What is the right way to test X-Hub-Signature in php?

I tried using

 $xHubSignature = $request->getHeader('X-Hub-Signature'); $postdata = file_get_contents("php://input"); $body = $request->getRawBody( ); $check = sha1('mysecret'.$postdata);

but that will not work.

+6

php

Whisher Feb 20 '13 at 9:05

source share

2 answers

Whisher · Answer 1 · 2013-02-25T21:27:43+0000

 hash_hmac( 'sha1', $postdata,'mysecret')

thanks Payom Dousti

https://groups.google.com/forum/?fromgroups=#!topic/instagram-api-developers/7nKyipJENdI

Alexander farber · Answer 2 · 2017-07-31T12:06:17+0000

To check the X-Hub-Signature header sent by Instagram or Facebook callback via web host in PHP version 5.6 or higher, you can use:

 if ( hash_equals('sha1=' . hash_hmac('sha1', $postdata, 'mysecret'), $_SERVER['HTTP_X_HUB_SIGNATURE'] )

This is better than using == or === , as the hash_equals method hash_equals prevent temporary attacks.

Instagram how to check X-Hub-Signature in php

More articles: