Help to verify signature

I am trying to implement the Twitch Api in PHP. I having problems to verify the signature of the EventSub.
I don’t know how to get the “raw bytes of the request body”. Nor what does the “signature.hex ()” mean.
Do I have to convert the value of the contact to HEX?
If someone has an example code it would be useful.
Thank you.

Here is an example for webhooks that you can use as a basis to modify the method for eventsub https://github.com/BarryCarlyon/twitch_misc/blob/main/webhooks/handlers/php/index.php

The method to validate is similar. So this should help you convert to eventsub

  $raw_data = file_get_contents('php://input');

PHP would use hash_hmac - https://www.php.net/hash_hmac

 $our_signature = hash_hmac($protocol, $raw_data, WEBHOOKS_SECRET);

For eventsub rather than just $raw_data you would have to string concat the needed headers (id/timestamp) and the raw data. Before passing to hash_hmac

THANKS! I was able to solve it thanks to your answer.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.