As there is currently no official SDK provided provided (which isn't out of date) I decided to integrate the REST API myself.
So far so good. I can create orders and receive webhooks if something happens on the paypal side of things.
However I ran into problems verifying the webhook server side.
There is a documentation which explains it here:
https://developer.paypal.com/api/rest/webhooks/
I set together the string which is mentioned there co...
<transmissionId>|<timeStamp>|<webhookId>|<crc32>
And to verify this I wrote the following code using the openssl_verify() method:
I have spent at least 3-4 days debugging and researching this issue. Does anybody have an idea what I am missing here?
<?php
$payload = file_get_contents('php://input');
$transmission_id = $_SERVER['HTTP_PAYPAL_TRANSMISSION_ID'];
$transmission_sig = $_SERVER['HTTP_PAYPAL_TRANSMISSION_SIG'];
$transmission_time = $_SERVER['HTTP_PAYPAL_TRANSMISSION_TIME'];
$cert_url = $_SERVER['HTTP_PAYPAL_CERT_URL'];
$cert = file_get_contents($cert_url);
$signature = base64_decode($transmission_sig);
// <transmissionId>|<timeStamp>|<webhookId>|<crc32>
$string_chain = implode('|', [
$transmission_id,
$transmission_time,
'mywebhookid',
crc32($payload),
]);
$success = openssl_verify(
data: $string_chain,
signature: $signature,
public_key: $cert,
algorithm: 'sha256WithRSAEncryption'
);
