<?php
public function notifications(Request $request) {
$notificationHeader = getallheaders();
$notificationBody = file_get_contents('php://input');
$notificationPath = '/payments/notifications'; // Adjust according to your notification path
$secretKey = 'SK-e8acCt3iB1a1A0Jodfad'; // Adjust according to your secret key
$digest = base64_encode(hash('sha256', $notificationBody, true));
$rawSignature = "Client-Id:" . $notificationHeader['Client-Id'] . "\n"
. "Request-Id:" . $notificationHeader['Request-Id'] . "\n"
. "Request-Timestamp:" . $notificationHeader['Request-Timestamp'] . "\n"
. "Request-Target:" . $notificationPath . "\n"
. "Digest:" . $digest;
$signature = base64_encode(hash_hmac('sha256', $rawSignature, $secretKey, true));
$finalSignature = 'HMACSHA256=' . $signature;
if ($finalSignature == $headers['Signature']) {
// TODO: Process if Signature is Valid
return response('OK', 200)->header('Content-Type', 'text/plain');
// TODO: Do update the transaction status based on the `transaction.status`
} else {
// TODO: Response with 400 errors for Invalid Signature
return response('Invalid Signature', 400)->header('Content-Type', 'text/plain');
}
}
