php - Correct Payload and Signature for Coinbase commerce api

Question

I implement the webhook.php file given on the coinbase commerce github package.

<?php
require_once "C:/Users/kjkj/vendor/autoload.php";

use CoinbaseCommerceWebhook;

$secret = '9xxxxxxx-xxx6-4xxc-xxxx-dxxxxxxxxxx';
$headerName = 'X-Cc-Webhook-Signature';
$headers = getallheaders();
$signraturHeader = isset($headers[$headerName]) ? $headers[$headerName] : null;
$payload = trim(file_get_contents('docs/payload_example.json'));

try {
    $event = Webhook::buildEvent($payload, $signraturHeader, $secret);
    http_response_code(200);
    echo sprintf('Successully verified event with id %s and type %s.', $event->id, $event->type);
} catch (Exception $exception) {
    http_response_code(400);
    echo 'Error occured. ' . $exception->getMessage();
}

But when i execute, i get this output:

Warning: hash_equals(): Expected known_string to be a string, null given in C:Userskjkjvendorcoinbasecoinbase-commercesrcUtil.php on line 100 Error occured. No signatures found matching the expected signature f9584a6163901a7330c271705f9f19bfc3afca3d2bcfd6b2be2f6e2a668f7f92 for payload { "id": 1, "scheduled_for": "2017-01-31T20:50:02Z", "event": { "id": "24934862-d980-46cb-9402-43c81b0cdba6", "resource": "event", "type": "charge:created", "api_version": "2018-03-22", "created_at": "2017-01-31T20:49:02Z", "data": { "code": "66BEOV2A", "name": "The Sovereign Individual", "description": "Mastering the Transition to the Information Age", "hosted_url": "https://commerce.coinbase.com/charges/66BEOV2A", "created_at": "2017-01-31T20:49:02Z", "expires_at": "2017-01-31T21:49:02Z", "timeline": [ { "time": "2017-01-31T20:49:02Z", "status": "NEW" } ], "metadata": {}, "pricing_type": "no_price", "payments": [], "addresses": { "bitcoin": "mymZkiXhQNd6VWWG7VGSVdDX9bKmviti3U", "ethereum": "0x419f91df39951fd4e8acc8f1874b01c0c78ceba6" } } } }

The payload_example.json contains an example of payload that i took here Reading the error lets me know that the signature is not corresponding ans even the payload is not okay. So what is the correct payload to use?

question from:https://stackoverflow.com/questions/65880995/correct-payload-and-signature-for-coinbase-commerce-api

Answer 1

Waitting for answers