Discussions

Ask a Question
Back to All

Webhook secret

over 1 year ago by [email protected]

I have a webhook set up to send SMS messages to my application. The webhook has a secret. I'm receiving these, but they don't appear to be encoded with the secret I set up. I found a one-line PHP script online that is:
printr(json_decode(base64_decode(str_replace('', '/', str_replace('-','+',explode('.', $token)[1])))));
which outputs the decoded json message item.

It looks like the message is just sent in base64_encoded format rather than encrypted as I expected it to be.

This is the webhook, which includes a secret which I've hashed out:
{ "items": [ { "hook_url": "[domain]/index.php?option=com_smsarchive&task=receiveSMS&output=raw&coid=43", "id": "XXXXXXXX785856", "signature": { "algo": "HS256", "secret": "XXXXXXXXX", "type": "jwt" } } ] }

I should mention, I'm in the sandbox, I don't suppose this is a limiation of the sandbox?