I can't find any information on what algorithm to use to decode WooCommerce webhook field X-Wc-Webhook-Signature in PHP. Does anyone know how to decode it?
Thanks!
According to the docs: "A base64 encoded HMAC-SHA256 hash of the payload"
I'm guessing that the payload in this instances is the secret you've supplied in the webhook properties.
Source: https://woocommerce.github.io/woocommerce-rest-api-docs/v3.html#webhooks-properties
EDIT
Further digging indicates that the payload is the body of the request. So you'd use a HMAC library to create a sha256 hash of the payload using your webhook secret, and then base64 encode the result, and do the comparison with X-Wc-Webhook-Signature and see if they match.
Expanding on the current answers, this is the PHP code snippet you need:
$sig = base64_encode(hash_hmac('sha256', $request_body, $secret, true));
Where $secret is your secret, $request_body is the request body, which can be fetched with file_get_contents('php://input'); The $sig value should then be equal to the X-Wc-Webhook-Signature request header.