Webhooks - Authentication Type API Key - Secret Name and Secret Value - in PHP

Question

I'm trying to authenticate a webhook using an api key (secret name and secret value).所以我制作了两个文件：

webhook.php：

<?php 

include('webhook-api-key.php');
// Retrieve the request body from the webhook POST request
if ($http_status_code === 200){
        $request_body = file_get_contents('php://input');

        // Convert the request body from JSON to a PHP object
        $request_data = json_decode($request_body);

        // Extract the contact properties from the request data
        $contact_properties = $request_data->properties;

        // Extract the email property value
        $email = $contact_properties->email->value;

        // Extract the first name property value
        $first_name = $contact_properties->firstname->value;

        // Extract the last name property value
        $last_name = $contact_properties->lastname->value;

        // Do something with the contact data, such as adding it to a database or sending an email notification
        // For example:
        $contact_data = array(
            'email' => $email,
            'first_name' => $first_name,
            'last_name' => $last_name
        );
        // Add the contact data to a database or send an email notification, etc.

        // Send a HTTP response to HubSpot indicating that the webhook was successfully received and processed
        http_response_code(200);
}
?>

和 webhook-api-key.php：

<?php 

$endpoint_url = 'https:/.../hubspot/webhook.php';

// Set up the API key secret name and secret value
$api_key_secret_name = 'word';
$api_key_secret_value = 'anther_word';

// Set up the HTTP POST request headers
$headers = array(
    'Content-Type: application/json',
    'Authorization: Bearer '.$api_key_secret_value
);

// Set up the HTTP POST request body
$body = array(
    'api_key' => $api_key_secret_value
);

// Send the HTTP POST request to the webhook endpoint URL
$ch = curl_init($endpoint_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
$response = curl_exec($ch);

// Check for errors
if(curl_errno($ch)) {
    $error_message = curl_error($ch);
    echo 'Error: '.$error_message;
}

// Get the HTTP response status code
$http_status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Close the HTTP POST request
curl_close($ch);

// Handle the webhook response
if ($http_status_code === 200) {
    echo 'Webhook successfully authenticated.';
} else {
    echo 'Webhook authentication failed with HTTP status code: ' . $http_status_code;
}
?>

在 Hubspot 配置中，网址为“https:/.../hubspot/webhook.php”。

Is this okay? I ask this because when I tried to test it it killed my server and I can't find an example on the internet using this kind of authentication.

Thank you!

Answer 1

So it’s actually very simple. There are no examples on the internet and the documentation is poor, explaining more about Hubspot signatures than API keys. I finally figured out how it works and here is the working code:

$expectedSecretName = 'word'; // Replace with your expected secret name
$expectedSecretValue = 'another_word'; // Replace with your expected secret value

$requestBody = file_get_contents('php://input');
$data = json_decode($requestBody);

    if($_SERVER['HTTP_WORD'] == $expectedSecretValue){
//do something with values
$email = $data->email;
$firstname= $data->firstname;
$lastname= $data->lastname;
}
else{
//not from Hubspot
}