Authenticating Mandrill Webhook with PHP

I'm using Mandrill to send emails with PHP. I've registered a webhook so I can handle any hard bounces in my application as well as in Mandrill. The difficulty I'm having is generating the X-Mandrill-Signature header to authenticate the request.

Mandrill has documentation about how to do it here but I'm failing to get it right.

Here are the POST parameters sent to me from Mandrill:

mandrill_events: [{"type":"whitelist","action":"add","entry":{"email":"[email protected]","detail":"example details","created_at":"2014-01-15 12:03:19"},"ts":1452869880},{"type":"whitelist","action":"remove","entry":{"email":"[email protected]","detail":"example details","created_at":"2014-01-15 12:03:19"},"ts":1452869880}]

I'm decoding the parameter into an array using json_decode(stripslashes($_POST['mandrill_events']), true) and then passing the array into the function as described in the help article:

function generateSignature($webhook_key, $url, $params) {
    $signed_data = $url;
    ksort($params);
    foreach ($params as $key => $value) {
        $signed_data .= $key;
        $signed_data .= $value;
    }

    return base64_encode(hash_hmac('sha1', $signed_data, $webhook_key, true));
}

Using this I end up with

"http://requestb.in/ylyl00yl0Array1Array"

for $signed_data. I've tried a lot of variations of recursively iterating through the array key and values but to no avail.

Has anyone successfully used the example provided by Mandrill? Any help would be appreciated.

Thanks! David

David Ashford asked Sep 26 '22 16:09


1 Answer

You should be verifying the POST parameters sent by Mandrill, not the events JSON, i.e. generateSignature($key, $url, $_POST)

George Steel answered Oct 20 '22 14:10
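
As an added example (not part of the original answer or of Mandrill's documentation), the check described above can be wired into a handler like this: the signature is computed over the raw POST fields, compared in constant time with `hash_equals`, and the JSON is decoded only after the signature matches. `verifyMandrillRequest`, the webhook key and the URL are hypothetical, constructed values.

```php
<?php
// Added example, not Mandrill's or the answerer's code. Key and URL are constructed.

function generateSignature(string $webhookKey, string $url, array $params): string
{
    $signedData = $url;
    ksort($params);
    foreach ($params as $key => $value) {
        if (!is_string($value)) {
            // A decoded or nested value would be cast to "Array" and break the signature.
            throw new InvalidArgumentException("POST field '$key' is not a string");
        }
        $signedData .= $key . $value;
    }
    return base64_encode(hash_hmac('sha1', $signedData, $webhookKey, true));
}

// Hypothetical helper: returns the decoded events only when the signature matches.
function verifyMandrillRequest(string $webhookKey, string $url, array $post, ?string $header): ?array
{
    if ($header === null || $header === '') {
        return null; // unsigned request
    }
    try {
        $expected = generateSignature($webhookKey, $url, $post);
    } catch (InvalidArgumentException $e) {
        return null; // malformed POST body
    }
    if (!hash_equals($expected, $header)) { // constant-time comparison
        return null;
    }
    $events = json_decode($post['mandrill_events'] ?? '', true);
    return is_array($events) ? $events : null;
}

// Constructed sample request; in a real handler pass $_POST and
// $_SERVER['HTTP_X_MANDRILL_SIGNATURE'] ?? null instead.
$key  = 'constructed-webhook-key';
$url  = 'https://app.example.test/mandrill/webhook';
$post = ['mandrill_events' => '[{"type":"whitelist","action":"add","ts":1452869880}]'];
$header = generateSignature($key, $url, $post); // stands in for the header Mandrill sends

var_dump(verifyMandrillRequest($key, $url, $post, $header) !== null); // untampered body
$post['mandrill_events'] = '[]';
var_dump(verifyMandrillRequest($key, $url, $post, $header) !== null); // body changed after signing
```

The `$url` argument has to be the webhook URL exactly as registered in Mandrill, since it is part of the signed data.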