Add to the Sendbird webhook docs that "master api key" is needed to decode signature

I just spent about an hour debugging why my webhook signature didn’t match; I was using a sub API key rather than the master.

Ability to also reset master api keys would be nice, since we can’t do that, which forces me to use a sub key…

Hey @SamKK,

This was discussed to some degree here: Help with authenticating webhook signature - #2 by Jason

I’ll look into getting a note added into the documentation to reflect the requirements.

If you need to reset the master_api key, you can reach out to the support team and we can have it reset for you.


Yeah… it’s just most people will head to the docs rather than look through countless posts - I never even discovered this post when trying to resolve my issue.

If you want, here’s also a PHP (Laravel) snippet if you’d like to add that to the docs for others:

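use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

public function handle(Request $request): JsonResponse
{
    // Default to '' so hash_equals() always receives a string
    $signature = (string) $request->header('x-sendbird-signature', '');
    $body      = $request->getContent();
    // Master API Key stored in Laravel Config
    $apiKey    = config('services.sendbird.api_key');

    $hash = hash_hmac('sha256', $body, $apiKey);

    // Abort the request, since the hash and signature don't match
    // (hash_equals() compares in constant time)
    if (!hash_equals($hash, $signature)) {
        abort(401);
    }

    // Do some webhooky things...
    return response()->json([]); // placeholder response
}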
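
A framework-free diagnostic for the mismatch described in this thread, added here as an example and not part of any post or of Sendbird's documentation: it reports which of several candidate keys reproduces the signature over the raw body, and shows that hashing a re-encoded body instead of the received bytes also breaks the match. The function name `matchingKeyLabel`, the key strings and the sample body are constructed placeholders, and the sender is simulated by signing with the master key, as the thread states.

```php
<?php
declare(strict_types=1);

/**
 * Return the label of the first candidate key whose HMAC-SHA256 over the raw
 * body equals the signature header, or null when no candidate matches.
 * (Hypothetical helper for illustration.)
 */
function matchingKeyLabel(string $rawBody, string $signatureHeader, array $candidateKeys): ?string
{
    $signature = trim($signatureHeader);

    // hash_hmac('sha256', ...) yields 64 lowercase hex characters;
    // anything else cannot be a valid signature, so reject it early.
    if (preg_match('/\A[0-9a-f]{64}\z/', $signature) !== 1) {
        return null;
    }

    foreach ($candidateKeys as $label => $key) {
        $expected = hash_hmac('sha256', $rawBody, $key);
        // Constant-time comparison, so timing does not leak how much matched.
        if (hash_equals($expected, $signature)) {
            return (string) $label;
        }
    }

    return null;
}

// Constructed sample data: placeholder keys and body, not real Sendbird values.
$keys = [
    'master'    => 'MASTER_API_KEY_PLACEHOLDER',
    'secondary' => 'SECONDARY_API_KEY_PLACEHOLDER',
];
$rawBody = '{"category":"example:event","payload":{"n":1}}';

// Simulated sender: signs the exact body bytes with the master key.
$header = hash_hmac('sha256', $rawBody, $keys['master']);

// Case 1: both keys are available to the receiver.
var_dump(matchingKeyLabel($rawBody, $header, $keys));

// Case 2: only the secondary key is configured (the situation in the first post).
var_dump(matchingKeyLabel($rawBody, $header, ['secondary' => $keys['secondary']]));

// Case 3: the body was decoded and re-encoded before hashing, changing its bytes.
$reencoded = (string) json_encode(json_decode($rawBody, true), JSON_PRETTY_PRINT);
var_dump(matchingKeyLabel($reencoded, $header, $keys));
```

Run it only in a debugging context with keys you are entitled to hold, and log the returned label rather than the key or the computed hash.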