From 1298eccdd7ca84576fc5d448558f97198ac7059e Mon Sep 17 00:00:00 2001
From: Gabriel Odero <gabupostiga.gdco@gmail.com>
Date: Sat, 27 Aug 2022 02:15:21 +0300
Subject: [PATCH] Update README.md

---
 README.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/README.md b/README.md
index a5af91e..11b65ef 100644
--- a/README.md
+++ b/README.md
@@ -500,6 +500,29 @@ textMessageReplyRequest.Text.PreviewUrl = false;
 await _whatsAppBusinessClient.SendTextMessageAsync(textMessageReplyRequest);
 ```
 
+## Verify Webhook X-Hub-Signature-256 (Credits @Tekkharibo)
+```c#
+[HttpPost]
+public async Task<IActionResult> GetMessage()
+{
+    string stringifiedBody;
+
+    string xHubSignature256 = this.HttpContext.Request.Headers["X-Hub-Signature-256"].ToString();
+
+    using (var sr = new StreamReader(this.HttpContext.Request.Body))
+    {
+        stringifiedBody = await sr.ReadToEndAsync().ConfigureAwait(false);
+    }
+
+    string xHubSignature256Result = FacebookWebhookHelper.CalculateSignature(this._configuration.GetSection("WhatsAppBusinessCloudApiConfiguration")["AppSecret"], stringifiedBody);
+
+    if (!String.Equals(xHubSignature256, xHubSignature256Result, StringComparison.InvariantCultureIgnoreCase))
+        return this.Unauthorized("Invalid Signature");
+
+    return this.Ok();
+}
+```
+
 ## Error handling
 WhatsAppBusinessClient Throws ```WhatsappBusinessCloudAPIException``` It is your role as the developer to catch
 the exception and continue processing in your aplication. Snippet below shows how you can catch the WhatsappBusinessCloudAPIException.