WorkOS PHP SDK

WebhookVerification
in package

Table of Contents

Constants

DEFAULT_TOLERANCE  = 180

Properties

$client  : HttpClient

Methods

__construct()  : mixed
computeSignature()  : string
Compute the expected HMAC-SHA256 signature for a webhook payload.
getTimestampAndSignatureHash()  : array{0: string, 1: string}
Parse the timestamp and signature hash from a WorkOS-Signature header.
verifyEvent()  : array<string|int, mixed>
Verify a webhook signature and return the deserialized event payload.
verifyHeader()  : void
Verify the signature of a Webhook. Throws if verification fails.

Constants

Properties

Methods

computeSignature()

Compute the expected HMAC-SHA256 signature for a webhook payload.

public static computeSignature(string $timestamp, string $payload, string $secret) : string
Parameters
$timestamp : string

The issued timestamp (milliseconds).

$payload : string

The raw webhook body.

$secret : string

The webhook secret.

Return values
string

The hex-encoded HMAC signature.

getTimestampAndSignatureHash()

Parse the timestamp and signature hash from a WorkOS-Signature header.

public static getTimestampAndSignatureHash(string $sigHeader) : array{0: string, 1: string}
Parameters
$sigHeader : string

The 'WorkOS-Signature' header value.

Tags
throws
InvalidArgumentException

If the header cannot be parsed.

Return values
array{0: string, 1: string}

[timestamp, signatureHash]

verifyEvent()

Verify a webhook signature and return the deserialized event payload.

public verifyEvent(string $eventBody, string $eventSignature, string $secret[, int|null $tolerance = null ]) : array<string|int, mixed>
Parameters
$eventBody : string

The raw webhook body (string).

$eventSignature : string

The 'WorkOS-Signature' header value.

$secret : string

The webhook endpoint secret from the WorkOS dashboard.

$tolerance : int|null = null

Seconds the event is valid for. Defaults to 180.

Tags
throws
InvalidArgumentException

If the signature cannot be verified.

Return values
array<string|int, mixed>

The deserialized webhook event as an associative array.

verifyHeader()

Verify the signature of a Webhook. Throws if verification fails.

public verifyHeader(string $eventBody, string $eventSignature, string $secret[, int|null $tolerance = null ]) : void
Parameters
$eventBody : string

The raw webhook body (string).

$eventSignature : string

The 'WorkOS-Signature' header value.

$secret : string

The webhook endpoint secret from the WorkOS dashboard.

$tolerance : int|null = null

Seconds the event is valid for. Defaults to 180.

Tags
throws
InvalidArgumentException

If the signature cannot be verified.


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results