"); $body = file_get_contents("php://input"); // $decodedBody = json_decode(urldecode($body)); if (verifySignature($body) !== false) { // verified } else { // unverified http_response_code(403); echo "unauthorized"; } function verifySignature($body){ $headers = getallheaders(); return hash_equals('sha256='.hash_hmac('sha256', $body, SECRET), $headers['x-hub-signature-256']); }