Issue with Webhook Signature Verification when Request Body Contains Arabic Characters

[MohamedH]

 

Hello,
I’m implementing webhook signature verification for Loyverse in PHP. The verification works correctly when the request body contains only English characters.

However, when the payload includes Arabic characters, the generated signature does not match the X-Loyverse-Signature header, and the verification fails.

Here’s the relevant code snippet:

```php

protected function verifySignature($headers) {
    $input = file_get_contents('php://input');
    if (empty($headers['X-Loyverse-Signature'])) {
        return false;
    }

    $signatureHeader = $headers['X-Loyverse-Signature'];
    $secret = 'MY_WEBHOOK_SECRET';

    $calculatedSignature = hash_hmac('sha1', $input, $secret, false);

    return hash_equals($signatureHeader, $calculatedSignature);
}
 

```

Works fine with English payloads.
Fails when the payload contains Arabic (e.g., product names, notes, etc.).

Is there a solution?

Thanks in advance!

Edited Friday at 09:33 AM by MohamedH