Webhooks server in PHP

This article presents a simple webhooks server example.

We strongly advise you NOT to use this in a production environment.

# Dependencies

This example does not require any external PHP dependencies.
However, for local development purposes, a tunneling service is required. This example uses ngrok.

You can download ngrok here: https://ngrok.com/download.

# Examples

Below are two examples of a webhooks server.

# Example without checking the request signature

This is a very simple example, with the server logging the body from the request to the console. The body contains the complete webhook information sent from CKEditor Cloud Services.

<?php

$body = file_get_contents('php://input');

$webhook = json_decode($body);

file_put_contents('php://stdout', 'Webhook received: ' . print_r($webhook, true) . "\r\n");

# Example with checking the request signature

This example shows how to verify if the request was sent from the CKEditor Cloud Services servers
and was signed with the correct API secret.

Several variables are needed to generate and check the signature. The API secret is available in the CKEditor Ecosystem customer dashboard for SaaS or in the Management Panel for On-Premises, the rest of the parameters are in the request:

  • method: $_SERVER['REQUEST_METHOD']
  • url: $_SERVER['REQUEST_URI']
  • timestamp: $_SERVER['HTTP_X_CS_TIMESTAMP']
  • body: file_get_contents('php://input')
<?php

$apiSecret = 'your-api-secret';

$requestMethod = $_SERVER['REQUEST_METHOD'] ?? '';
$receivedHmac = $_SERVER['HTTP_X_CS_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_CS_TIMESTAMP'] ?? '';
$url = $_SERVER['REQUEST_URI'];
$body = file_get_contents('php://input');

$data = $requestMethod . $url . $timestamp . $body;
$hmac = hash_hmac('sha256', $data, $apiSecret);

$isValid = hash_equals($hmac, $receivedHmac);

if (!$isValid) {
    // Invalid webhook signature, ignore the request.
    die();
}

$webhook = json_decode($body);

file_put_contents('php://stdout', 'Webhook event received: ' . print_r($webhook, true) . "\r\n");

# Usage

Save the above example file as index.php and start the server with:

php -S 127.0.0.1:9000

If needed, run ngrok with:

./ngrok http 9000

After this, you should see a *.ngrok.io URL. Copy the *.ngrok.io URL and paste it in the webhook configuration. You should be able to receive webhooks now.