About webhook validation in developer sandbox

I’m doing webhook validation in developer sandbox but it fails.

This is done with reference to “Webhooks & Notifications” - “Receiving Webhook Notifications” - “Validation” in the “Developer Portal”.

My question is, can the public key obtained from “Download this public key to validate the above signature.” be used in the developer sandbox?
If not, is it possible to download it somewhere?

I am using PHP and doing Validation with the code below.
Please let me know if there are any mistakes.

I deleted the code because there was an error.
Below is the code that worked fine.


Thanks for bringing this to our attention, there is an issue with the documentation.

Please use the below public key for the sandbox webhooks.

-----END PUBLIC KEY-----


Hi alinder

Thank you very much for your very prompt response.
Verification worked fine using the public key provided.
However, there was an error in the code I wrote, so I will post the corrected code.


```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class VerifyFireBlocks
{
    /**
     * Handle an incoming request.
     *
     * @param Request $request
     * @param \Closure(Request): (Response) $next
     * @return Response
     */
    public function handle(Request $request, Closure $next): Response
    {
        $signature = $request->header('fireblocks-signature');

        if (blank($signature)) {
            return response('Signature required', 401);
        }

        // Verify the raw request body exactly as received.
        if (!$this->isSignatureValid($request->getContent(), $signature)) {
            return response('Unauthorized', 401);
        }

        return $next($request);
    }

    /**
     * @param string $body
     * @param string $signature
     * @return bool
     */
    private function isSignatureValid($body, $signature): bool
    {
        try {
            $public_key = '<PUBLIC KEY>';
            $key_resource = openssl_get_publickey($public_key);

            // openssl_get_publickey() returns false when the PEM cannot be parsed.
            if ($key_resource === false) {
                return false;
            }

            $verified = openssl_verify($body, base64_decode($signature), $key_resource, OPENSSL_ALGO_SHA512);

            // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error); only 1 passes.
            return $verified === 1;
        } catch (\Exception $e) {
            return false;
        }
    }
}
```
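Added example, not part of the thread and not Fireblocks code: a stand-alone PHP script that reproduces the failure discussed above, where a correctly signed webhook is rejected because it is checked against the wrong environment's public key. The two key pairs are generated locally as stand-ins, the payload is constructed, and `verifyWebhook` and `makeKeyPair` are hypothetical helper names.

```php
<?php
// Added example: constructed keys and payload, not Fireblocks keys or data.

/** Returns true only when $signatureB64 is a valid RSA-SHA512 signature of $rawBody. */
function verifyWebhook(string $rawBody, string $signatureB64, string $publicKeyPem): bool
{
    $key = openssl_pkey_get_public($publicKeyPem);
    $sig = base64_decode($signatureB64, true); // strict mode rejects non-base64 input
    if ($key === false || $sig === false) {
        return false;
    }
    return openssl_verify($rawBody, $sig, $key, OPENSSL_ALGO_SHA512) === 1;
}

/** Generates a throwaway RSA key pair: [private key, public key PEM]. */
function makeKeyPair(): array
{
    $private = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($private === false) {
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }
    return [$private, openssl_pkey_get_details($private)['key']];
}

// Stand-ins: the sandbox signs with its own key; $otherPublic is any other environment's key.
[$sandboxPrivate, $sandboxPublic] = makeKeyPair();
[, $otherPublic] = makeKeyPair();

// Constructed webhook body, signed the way a sender would sign it.
$rawBody = '{"type":"EXAMPLE_EVENT","data":{"id":"constructed-0001","amount":1.50}}';
openssl_sign($rawBody, $signature, $sandboxPrivate, OPENSSL_ALGO_SHA512);
$header = base64_encode($signature);

// Re-encoding the parsed JSON changes the signed bytes (1.50 becomes 1.5).
$reencoded = json_encode(json_decode($rawBody, true));

$cases = [
    'sandbox key, raw body'     => verifyWebhook($rawBody, $header, $sandboxPublic),
    'other key, raw body'       => verifyWebhook($rawBody, $header, $otherPublic),
    'sandbox key, re-encoded'   => verifyWebhook($reencoded, $header, $sandboxPublic),
    'sandbox key, bad base64'   => verifyWebhook($rawBody, '***', $sandboxPublic),
];
foreach ($cases as $label => $ok) {
    printf("%-26s %s\n", $label, $ok ? 'valid' : 'rejected');
}
```

Only the first case verifies; the other three are rejected, which is why a receiver that fails on every sandbox webhook should first confirm which environment's key it has loaded.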