Webhooks
Webhooks push data to external URLs on events. Verify incoming webhooks with HMAC signatures to prevent spoofing.
PHP
Intermediate
4 min read
Sending and Receiving Webhooks
Example
// Sending a webhook
Http::post($url, ["event" => "order.created", "data" => $order]);
// Receiving (verify Stripe-style HMAC)
$payload = $request->getContent();
$sig = $request->header("X-Hub-Signature-256");
$expected = "sha256=" . hash_hmac("sha256", $payload, config("webhook.secret"));
if (!hash_equals($expected, $sig)) {
abort(403, "Invalid signature");
}
$data = json_decode($payload, true); Pro Tip
Process webhooks asynchronously via queues — return 200 immediately, then handle the job.