Search code examples
phpwebhookshubspothubspot-crmhubspot-api

Webhooks - authentication type Api key - secret name and secret value - in PHP

I am trying to authenticate a webhook using api key (secret name and secret value). So I have made two files:

webhook.php :

<?php 

include('webhook-api-key.php');
// Retrieve the request body from the webhook POST request
if ($http_status_code === 200){
        $request_body = file_get_contents('php://input');

        // Convert the request body from JSON to a PHP object
        $request_data = json_decode($request_body);

        // Extract the contact properties from the request data
        $contact_properties = $request_data->properties;

        // Extract the email property value
        $email = $contact_properties->email->value;

        // Extract the first name property value
        $first_name = $contact_properties->firstname->value;

        // Extract the last name property value
        $last_name = $contact_properties->lastname->value;

        // Do something with the contact data, such as adding it to a database or sending an email notification
        // For example:
        $contact_data = array(
            'email' => $email,
            'first_name' => $first_name,
            'last_name' => $last_name
        );
        // Add the contact data to a database or send an email notification, etc.

        // Send a HTTP response to HubSpot indicating that the webhook was successfully received and processed
        http_response_code(200);
}
?>

and webhook-api-key.php:

<?php 

$endpoint_url = 'https:/.../hubspot/webhook.php';

// Set up the API key secret name and secret value
$api_key_secret_name = 'word';
$api_key_secret_value = 'anther_word';

// Set up the HTTP POST request headers
$headers = array(
    'Content-Type: application/json',
    'Authorization: Bearer '.$api_key_secret_value
);

// Set up the HTTP POST request body
$body = array(
    'api_key' => $api_key_secret_value
);

// Send the HTTP POST request to the webhook endpoint URL
$ch = curl_init($endpoint_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
$response = curl_exec($ch);

// Check for errors
if(curl_errno($ch)) {
    $error_message = curl_error($ch);
    echo 'Error: '.$error_message;
}

// Get the HTTP response status code
$http_status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Close the HTTP POST request
curl_close($ch);

// Handle the webhook response
if ($http_status_code === 200) {
    echo 'Webhook successfully authenticated.';
} else {
    echo 'Webhook authentication failed with HTTP status code: ' . $http_status_code;
}
?>

And in Hubspot configuration, the url is 'https:/.../hubspot/webhook.php'.

Is it ok this way ? I am asking because it killed my server when I tried to test it, and I cannot find examples on the internet using this kind of authetication.

Thank you!

Solution

  • So it is actually quite simple. There are no examples on the internet, and the documentation is poor, it explains more about Hubspot signature than API key. I understood eventually how it works, and here is the working code:

    $expectedSecretName = 'word'; // Replace with your expected secret name
$expectedSecretValue = 'another_word'; // Replace with your expected secret value

$requestBody = file_get_contents('php://input');
$data = json_decode($requestBody);

    if($_SERVER['HTTP_WORD'] == $expectedSecretValue){
//do something with values
$email = $data->email;
$firstname= $data->firstname;
$lastname= $data->lastname;
}
else{
//not from Hubspot
}