I am trying to authenticate a webhook using api key (secret name and secret value). So I have made two files:
webhook.php :
<?php
include('webhook-api-key.php');
// Retrieve the request body from the webhook POST request
if ($http_status_code === 200){
$request_body = file_get_contents('php://input');
// Convert the request body from JSON to a PHP object
$request_data = json_decode($request_body);
// Extract the contact properties from the request data
$contact_properties = $request_data->properties;
// Extract the email property value
$email = $contact_properties->email->value;
// Extract the first name property value
$first_name = $contact_properties->firstname->value;
// Extract the last name property value
$last_name = $contact_properties->lastname->value;
// Do something with the contact data, such as adding it to a database or sending an email notification
// For example:
$contact_data = array(
'email' => $email,
'first_name' => $first_name,
'last_name' => $last_name
);
// Add the contact data to a database or send an email notification, etc.
// Send a HTTP response to HubSpot indicating that the webhook was successfully received and processed
http_response_code(200);
}
?>
and webhook-api-key.php:
<?php
$endpoint_url = 'https:/.../hubspot/webhook.php';
// Set up the API key secret name and secret value
$api_key_secret_name = 'word';
$api_key_secret_value = 'anther_word';
// Set up the HTTP POST request headers
$headers = array(
'Content-Type: application/json',
'Authorization: Bearer '.$api_key_secret_value
);
// Set up the HTTP POST request body
$body = array(
'api_key' => $api_key_secret_value
);
// Send the HTTP POST request to the webhook endpoint URL
$ch = curl_init($endpoint_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
$response = curl_exec($ch);
// Check for errors
if(curl_errno($ch)) {
$error_message = curl_error($ch);
echo 'Error: '.$error_message;
}
// Get the HTTP response status code
$http_status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
// Close the HTTP POST request
curl_close($ch);
// Handle the webhook response
if ($http_status_code === 200) {
echo 'Webhook successfully authenticated.';
} else {
echo 'Webhook authentication failed with HTTP status code: ' . $http_status_code;
}
?>
And in Hubspot configuration, the url is 'https:/.../hubspot/webhook.php'.
Is it ok this way ? I am asking because it killed my server when I tried to test it, and I cannot find examples on the internet using this kind of authetication.
Thank you!
So it is actually quite simple. There are no examples on the internet, and the documentation is poor, it explains more about Hubspot signature than API key. I understood eventually how it works, and here is the working code:
$expectedSecretName = 'word'; // Replace with your expected secret name
$expectedSecretValue = 'another_word'; // Replace with your expected secret value
$requestBody = file_get_contents('php://input');
$data = json_decode($requestBody);
if($_SERVER['HTTP_WORD'] == $expectedSecretValue){
//do something with values
$email = $data->email;
$firstname= $data->firstname;
$lastname= $data->lastname;
}
else{
//not from Hubspot
}