stripe-php

        public function webHookReceiver ($request, $response, $args)
    {

        $endpoint_secret = $config['stripe.webhook_key'];

        $payload = $request->getBody();

        $sig_header = $request->getHeaderLine('Stripe-Signature');

        $data = json_decode($payload, true);
        $jsonError = json_last_error();
        if ($data === null && $jsonError !== JSON_ERROR_NONE) {
            $msg = "Invalid payload: $payload "
              . "(json_last_error() was $jsonError)";
            throw new \UnexpectedValueException($msg);
        }
        $event = Event::constructFrom($data);

        $items = explode(",", $sig_header);
        $timestamps = explode("=", $item[0]);
        $timestamp = $timestamps[1];

        $itemParts = explode("=", $items[1], 2);

        if(!($itemParts[0] === "v1")){
            return $response->withStatus(400);
        }

        $signature = $itemParts[1];

        $expectedSignature = hash_hmac("sha256", "$timestamp.$payload", $endpoint_secret);

        if (!hash_equals($expectedSignature, $signature)) {
            return $response->write("Invalid signature \n$signature\n$expectedSignature");
        }

        else {
            return $response->write('success');
        }
    }