Webhooks server in PHP
This article presents a simple webhooks server example.
We strongly advise you NOT to use this in a production environment.
# Dependencies
This example does not require any external PHP dependencies.
However, for local development purposes, a tunneling service is required. This example uses ngrok.
You can download ngrok here: https://ngrok.com/download.
# Examples
Below are two examples of a webhooks server.
# Example without checking the request signature
This is a very simple example, with the server logging the body
from the request to the console. The body
contains the complete webhook information sent from CKEditor Cloud Services.
<?php
$body = file_get_contents('php://input');
$webhook = json_decode($body);
file_put_contents('php://stdout', 'Webhook received: ' . print_r($webhook, true) . "\r\n");
# Example with checking the request signature
This example shows how to verify if the request was sent from the CKEditor Cloud Services servers
and was signed with the correct API secret.
Several variables are needed to generate and check the signature. The API secret is available in the Customer Portal for SaaS or in the Management Panel for On-Premises, the rest of the parameters are in the request:
method
:$_SERVER['REQUEST_METHOD']
url
:$_SERVER['REQUEST_URI']
timestamp
:$_SERVER['HTTP_X_CS_TIMESTAMP']
body
:file_get_contents('php://input')
<?php
$apiSecret = 'your-api-secret';
$requestMethod = $_SERVER['REQUEST_METHOD'] ?? '';
$receivedHmac = $_SERVER['HTTP_X_CS_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_CS_TIMESTAMP'] ?? '';
$url = $_SERVER['REQUEST_URI'];
$body = file_get_contents('php://input');
$data = $requestMethod . $url . $timestamp . $body;
$hmac = hash_hmac('sha256', $data, $apiSecret);
$isValid = hash_equals($hmac, $receivedHmac);
if (!$isValid) {
// Invalid webhook signature, ignore the request.
die();
}
$webhook = json_decode($body);
file_put_contents('php://stdout', 'Webhook event received: ' . print_r($webhook, true) . "\r\n");
# Usage
Save the above example file as index.php
and start the server with:
php -S 127.0.0.1:9000
If needed, run ngrok with:
./ngrok http 9000
After this, you should see a *.ngrok.io
URL. Copy the *.ngrok.io
URL and paste it in the webhook configuration. You should be able to receive webhooks now.