php webhooks hubspot hubspot-crm hubspot-api

Webhooks - Validate the v3 request signature HUBSPOT


I am trying to connect a Hubspot CRM with my internal application, to send values from Hubspot to my app using Webhooks, with Authentication: Hubspot app id. I have been using this: https://developers.hubspot.com/docs/api/webhooks/validating-requests. But the $_SERVER['HTTP_X_HUBSPOT_SIGNATURE_V3'] does not match my hashed string.

Here is the code:

$request_method = $_SERVER['REQUEST_METHOD']; //returns: POST
$request_uri = $_SERVER['REQUEST_URI']; // returns: /hubspot/webhook.php
$request_body = file_get_contents('php://input'); 
//returns: {"email":"[email protected]","field1":null,"field2":null,"field3":null,"field4":null}
$request_timestamp = $_SERVER['HTTP_X_HUBSPOT_REQUEST_TIMESTAMP'];// returns: 1679654017505
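// php://input already delivers the raw request bytes; utf8_encode() (deprecated since PHP 8.2) would re-encode any non-ASCII byte and change the HMAC input
$string = "{$request_method}{$request_uri}{$request_body}{$request_timestamp}"; //POST/hubspot/webhook.php{"email":"[email protected]","field1":null,"field2":null,"field3":null,"field4":null}1679654017505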
$HUBSPOT_APP_SECRET = '...';
$hash = hash_hmac('sha256', $string, $HUBSPOT_APP_SECRET, true); //returns odd characters: ���_*�...
$encoded = base64_encode($hash);
$valid = hash_equals($encoded, $_SERVER['HTTP_X_HUBSPOT_SIGNATURE_V3']); // known (computed) string first, request-supplied string second
if($valid == 1) {
    echo 'yes';
}else {
    echo 'no';
}

In the end, it returns 'no'. I do not understand what I am doing wrong. Please help!


Solution

  • For anyone having this issue, the problem was the secret key. That's a private app key! "pat-na1" stands for Private App Token in North America.

    The secret keys the documentation is referring to are developer apps where you are given a client ID and client secret key. Developer app secrets are in the UUID format. Here's a link to how to create a developer app:

    https://developers.hubspot.com/docs/api/creating-an-app
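
An added example, not part of the original answer and not HubSpot's own code: a PHP 8 verifier that catches the mix-up described above by refusing a "pat-" token as the signing secret before it computes the v3 HMAC. The helper names, the sample request, both sample secrets, the full-URL form of the URI and the 5-minute freshness window are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; classifySecret, signV3 and verifyHubspotV3 are hypothetical helper names.
function classifySecret(string $secret): string
{
    if (str_starts_with($secret, 'pat-')) {
        return 'private-app-token'; // API access token, not a signing secret
    }
    $uuid = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i';
    return preg_match($uuid, $secret) === 1 ? 'client-secret' : 'unknown';
}

function signV3(string $method, string $uri, string $body, string $tsMs, string $secret): string
{
    // The raw bytes are concatenated as received; re-encoding the body changes the HMAC input.
    return base64_encode(hash_hmac('sha256', $method . $uri . $body . $tsMs, $secret, true));
}

function verifyHubspotV3(string $method, string $uri, string $body, string $tsMs,
    string $signature, string $secret, int $nowMs, int $maxAgeMs = 300000): bool
{
    if (classifySecret($secret) !== 'client-secret') {
        error_log('HubSpot signing secret is not a UUID-format client secret');
        return false;
    }
    // Assumption: a 5-minute window limits replay of a captured request.
    if (!ctype_digit($tsMs) || abs($nowMs - (int) $tsMs) > $maxAgeMs) {
        return false;
    }
    // Known (computed) value first, request-supplied value second.
    return hash_equals(signV3($method, $uri, $body, $tsMs, $secret), $signature);
}

// Constructed sample request and secrets (not real HubSpot values).
// Assumption: $uri is passed in the same form the sender signed (full URL here).
$secret = '123e4567-e89b-12d3-a456-426614174000';
$uri    = 'https://app.example.test/hubspot/webhook.php';
$body   = '{"email":"user@example.test","field1":null}';
$ts     = '1679654017505';
$sig    = signV3('POST', $uri, $body, $ts, $secret);
$now    = 1679654020000;

var_dump(verifyHubspotV3('POST', $uri, $body, $ts, $sig, $secret, $now));                 // matching secret
var_dump(verifyHubspotV3('POST', $uri, $body, $ts, $sig, 'pat-na1-constructed', $now));   // private app token
var_dump(verifyHubspotV3('POST', $uri, $body . ' ', $ts, $sig, $secret, $now));           // altered body
var_dump(verifyHubspotV3('POST', $uri, $body, $ts, $sig, $secret, $now + 980000));        // stale timestamp
```

In a real handler the method, body, timestamp and signature come from the request, and the secret from configuration rather than source code.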