transferwise · ROBERT-MCDOWELL · May 14, 2022 · May 14, 2022 · May 15, 2022
diff --git a/verify-webhook-signature/README.md b/verify-webhook-signature/README.md
@@ -26,5 +26,13 @@ Source code: [verify-signature.js](https://github.com/transferwise/digital-signa
 $ node verify-signature.js
 ```
 
+### PHP implementation
+
+Source code: [verify-signature.php](https://github.com/transferwise/digital-signatures-examples/blob/main/verify-webhook-signature/verify-signature.php)
+
+```bash
+$ php verify-signature.php
+```
+
 ### API Documentation
-- [Wise API: Webhooks](https://api-docs.wise.com/#webhook-events-event-http-requests)
+- [Wise API: Webhooks](https://api-docs.wise.com/#webhook-events-event-http-requests)
diff --git a/verify-webhook-signature/verify-signature.php b/verify-webhook-signature/verify-signature.php
@@ -0,0 +1,28 @@
+<?php
+
+$sandbox_public_key = <<<EOD
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpb91cEYuyJNQepZAVfP
+ZIlPZfNUefH+n6w9SW3fykqKu938cR7WadQv87oF2VuT+fDt7kqeRziTmPSUhqPU
+ys/V2Q1rlfJuXbE+Gga37t7zwd0egQ+KyOEHQOpcTwKmtZ81ieGHynAQzsn1We3j
+wt760MsCPJ7GMT141ByQM+yW1Bx+4SG3IGjXWyqOWrcXsxAvIXkpUD/jK/L958Cg
+nZEgz0BSEh0QxYLITnW1lLokSx/dTianWPFEhMC9BgijempgNXHNfcVirg1lPSyg
+z7KqoKUN0oHqWLr2U1A+7kqrl6O2nx3CKs1bj1hToT1+p4kcMoHXA7kA+VBLUpEs
+VwIDAQAB
+-----END PUBLIC KEY-----
+EOD;
+
+$public_key_id = openssl_pkey_get_public($sandbox_public_key);
+$public_key_array = openssl_pkey_get_details($public_key_id);
+
+$webhook_body = '{"data":{"resource":{"id":49983981,"profile_id":16055450,"account_id":14124090,"type":"transfer"},"current_state":"incoming_payment_waiting","previous_state":null,"occurred_at":"2021-08-23T10:12:50Z"},"subscription_id":"90aa8e14-4ef1-4a56-861c-f3c9cde097ea","event_type":"transfers#state-change","schema_version":"2.0.0","sent_at":"2021-08-23T10:12:50Z"}';
+
+$signature_header = "wKcKCYXAzxNgiu7xmoDm943NUni7Rz33QN8JkEA9dWSGebgndonabgSj18Y4C08OrwVmueGsED2s00M7DtJVcYKOS1i3G4TMVx+mgM3aL9djMBkQtiYNBFUd6wrPI7ZUNHv/TrlKSjTMc+6JFvUvJ7owY3z85e3I4jLRLJowMFvO8kvCJ60+1pY9wDwZvtZ//WS93LrwGjk9Dvwzpmu0w+P4J75tETT5qC3Uv0y5G2yO8SEoO3yNP/tg/BOli02niHb53vEOUWUb9bly6thnfMoXoiV/osoGxgF20R58RlvkAmezyyl1Sv542TfS2DpiwVnmjjjkCyXeSUcKookYLQ==";
+
+$decoded_signature_header = base64_decode($signature_header);
+
+$is_valid = openssl_verify($webhook_body,$decoded_signature_header,$public_key_array['key'],OPENSSL_ALGO_SHA256);
+
+echo "Is signature valid? ".$is_valid."\n";
+
+?>