MailMunch allows you to secure the incoming webhook request to your API endpoint by using a combination of your secret key and the request's timestamp.
To secure your requests, follow the steps below.
Step 1: Edit your HTTP Post integration in your opt-in form's edit flow, and enter a Security Key.
Step 2: Once you've entered the secret key, all future webhook requests will contain the following two headers:
X-Mailmunch-Time: Unix epoch
Authorization: SHA256 hash of your secret key and timestamp encoded with base64.
The hash in the Authorization header is computed with the same timestamp that is sent in the X-Mailmunch-Time header, so use that header's value when you recompute the hash.
Here's a PHP code snippet to verify a secure request.
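```php
function is_secure_request() {
    $headers = getallheaders();
    // Both headers must be present on a signed request
    $time = isset($headers['X-Mailmunch-Time']) ? $headers['X-Mailmunch-Time'] : null;
    $authorization = isset($headers['Authorization']) ? $headers['Authorization'] : null;
    if (empty($time) || empty($authorization)) return false;

    // Header value has the form "<algo> <base64 hash>"
    $parts = explode(' ', $authorization);
    if (count($parts) !== 2) return false;
    $hash = base64_decode($parts[1], true);
    if ($hash === false) return false;

    $key = '#tToArng8YPJ4R'; // Replace with your own key
    // hash_equals() compares in constant time, unlike ==
    return hash_equals(hash('sha256', $key . $time, true), $hash);
}

if (is_secure_request()) {
    // process contact
}
```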
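For endpoints not written in PHP, here is the same check in Python, as an added example that is not MailMunch's own code. It goes beyond the snippet above by also rejecting stale timestamps; `MAX_SKEW_SECONDS`, the helper names and the `SHA256` token in the constructed sample header are assumptions, since the page does not specify them.

```python
import base64
import binascii
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: the page does not specify a freshness window


def expected_digest(secret_key, timestamp):
    # Same construction as the PHP snippet: raw SHA-256 over key followed by timestamp.
    return hashlib.sha256((secret_key + timestamp).encode("utf-8")).digest()


def is_secure_request(headers, secret_key, now=None, max_skew=MAX_SKEW_SECONDS):
    """Return True only if the Authorization hash matches and the timestamp is fresh."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    timestamp = h.get("x-mailmunch-time", "").strip()
    authorization = h.get("authorization", "").strip()
    if not (timestamp.isascii() and timestamp.isdigit()) or not authorization:
        return False
    # Header value is "<algo> <base64 hash>"; reject anything else.
    parts = authorization.split(" ")
    if len(parts) != 2:
        return False
    try:
        received = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected_digest(secret_key, timestamp), received):
        return False
    # Replay guard (added here, not described on the page).
    now = time.time() if now is None else now
    return abs(now - int(timestamp)) <= max_skew


def sample_headers(secret_key, timestamp):
    # Constructed test input; "SHA256" as the first token is a placeholder.
    digest = base64.b64encode(expected_digest(secret_key, timestamp)).decode("ascii")
    return {"X-Mailmunch-Time": timestamp, "Authorization": "SHA256 " + digest}
```

Pass your framework's request headers as a dict, and load the secret key from configuration rather than hard-coding it.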