public function verifyWebhookSignature($postData = null)
{
if ($postData === null) {
$postData = $_POST;
}
if (!isset($postData['timestamp']) || !isset($postData['token']) || !isset($postData['signature'])) {
return false;
}
$hmac = hash_hmac('sha256', "{$postData['timestamp']}{$postData['token']}", $this->apiKey);
$sig = $postData['signature'];
if (function_exists('hash_equals')) {
// hash_equals is constant time, but will not be introduced until PHP 5.6
return hash_equals($hmac, $sig);
} else {
return $hmac === $sig;
}
}