API Docsbeta
Please submit all support requests to help@vericlock.com

Overview

The VeriClock API is a RESTful API. All requests are either HTTP GET or POSTs and are directed at the VeriClock API endpoint:
https://api.vericlock.com
Currently all API actions are done in the context of a VeriClock user and are limited and restricted by the users specific set of permissions. For example a user that is an administrator has full API access. A user that is a regular employee will only be able to clock in/out, not be able to create jobs or employees, etc...

Request Format

All API requests must contain the following HTTP Headers:
HeaderDescription of Value
vericlock_api_public_key Your API Public Key in standard guid format: abcd1234-1234-1234-1234-abcd12345678
vericlock_domain The unique part of your access url. If your access URL is:

your_domain.vericlock.com

then the value for vericlock_domain would be

your_domain

Do not include the vericlock.com suffix.
vericlock_authtoken The guid authentication token received after authenticating. This is required for all API routes except authentication itself
vericlock_signature The HMAC signature for the request. See below on how to generate.
content-type application/json - Required only for HTTP POST requests that post a JSON body
idempotency_key Caches the request results in a lookup table with this key. Subsequent requests made within the timeout window will return the original request's results. This allows requests to behave idempotently where one or many invocations result in the request being processed only once. Valid key characters are A-Za-z0-9 dash(-), underscore(_), equals(=), plus(+) and forward slash(/). Idempotency keys will be removed from the cache after 24hours or longer depending on the API route.
All JSON object parameters, unless specified as [Required] can be considered optional and omitted if desired.

VeriClock Signature

The private key is a binary representation of your account's 16 byte private key. In your account, the keys are displayed as guid's for visual convenience only.
IMPORTAN! The path is the part of an API call after the hostname AND /api prefix ie.
Full url: https://api.vericlock.com/api/1.0/employee/query
path for HMAC: /1.0/employee/query 
private function _generateSignature($path, $privateKey, $bodyStr)
{
    $hashStr = $path . $bodyStr;
    $sig = hash_hmac('sha256', $hashStr, $privateKey);
    return $sig;
}

Response Format

The HTTP Response code will indicate whether the request was successful or not. 2xx responses indicate success. 4xx responses indicate some sort of user error, and the response JSON object will have more information. 5xx is an error on our side, and again the response JSON object may have additional information.

All content in the response body will be a JSON object related to the API request made. Usually a JSON object or JSON array.

Idempotency

Any non-GET request can be made idempotent by adding a unique key to the HTTP header idempotency_key. The results of such requests are cached for 24 hours, and subsequent requests of the same form with the same key will return the original results.

Some routes cannot be made idempotent, such as authentication. Generally all responses, 2xx,4xx, even 500 errors will be cached, making it safe to retry a request as many times as needed with the same idempotency key within the 24 hour window.

If a response was replayed from the idempotency cache, the response header idempotent_replayed will be set and equal to true.

Idempotency keys are unique to the authenticated user, but it is still strongly recommended to use a strongly random key, like a 128bit guid converted to hex or base64.

Responses to idempotent requests that generate specific error responses are not stored. Such errors are generally of the form 

    {
        "code": "errCode",
        "message": "errMsg"
    }

HTTP Response Code code message Details
409 IdempotencyConflict Request url does not match original request url The url (uri and query params) must match the original request for the same idempotency key
409 IdempotencyConflict Request method does not match original request method The request method must match the original request for the same idempotency key
409 IdempotencyConflict Request body does not match original request body The request body must match the original request for the same idempotency key
500 IdempotencyError Uknown error during idempotent request processing Something unexpected has occurred. You can try the request again, but likely you may need to contact support if the issue does not resolve itself.
500 IdempotencyError Timeout waiting for response The idempotecy_key has been used before, and the system timed out waiting for the original request to produce a result to be returned. The timeout is 2 minutes generally, and it is safe to retry, but if the request is not expected to take this long (few if any requests should take this long) then something unexpected may have happened and you will need to contact support to help resolve.

Authentication

Most API functions require authentication to occur first.
Authenticate
Description
Login & Authenticate with VeriClock's servers.
HTTP POST

https://api.vericlock.com/1.0/auth

Post Body

{
  "user":string,             //(Required)[string] employee email address
  "password":string          //(Required)[string] plain text password
}

Response

{
  "authToken": "d35b1486-43ca-42bb-828d-9f35bc4be2d4"
}
Logout
Description
Purposely invalidate your authentication token - otherwise it will invalidate naturally due to inactivity
HTTP POST

https://api.vericlock.com/api/1.0/logout

Post Details

Empty

Employee

Methods for creating, updating and retrieving employees.
Get Employee
Description
Get a specific employee by guid
HTTP GET

https://api.vericlock.com/api/1.0/employee/:employeeGuid

URI Parameters

Parameter Type Required | Optional Description
employeeGuid string Required Employee's guid

Group

Methods for clocking groups in and out of the service.
Get a Group by guid
Description
Get a Group by guid
HTTP GET

https://api.vericlock.com/api/1.0/group/:groupGuid

URI Parameters

Parameter Type Required | Optional Description
groupGuid string Required Group's guid

Response

{
  "guid": "19d9fd56-b893-4391-6ebe-f1d93e1c2c7e",
  "name": "Sales Team",
  "description": "",
  "employees": [
    "...employees in group list..."
  ]
}

Timesheet

Methods for retrieving time data.
Time Sheet Query
Description
Retrieve all clock events that match the posted search criteria
HTTP POST

https://api.vericlock.com/api/1.0/timesheet/query

Post Body

{                            //A time sheet query object describes what time data to retrieve
  "searchPeriod":{           //Search time frame
    "start":string,          //(Required)[string] Search period begins at this date-time
    "end":string,            //(Required)[string] Search period ends at this date-time
    "searchType":string,     //[string] [inOutTimeInclusive,inTimeInclusive,inOrOutTimeInclusive] Changes how search interprets start and end time ranges. inTimeInclusive will only consider a clock event's clock in time, inOutTimeInclusive will consider both the clock in time AND out time, both must be in the search window, and 'inOrOutTimeInclusive' either the clock event's start or end time must be within the search window. Default is 'inOutTimeInclusive'
    "includeInProgressEvents":boolean//[boolean] Include clock events of employees still clocked in - duration, cost, etc will assume a time up to the current moment
  },
  "applyScheduledDeductions":boolean,//[boolean] Apply the scheduled time deductions to all events
  "activeFilter":string,     //[string] [active,deleted,all] Allows the inclusive of deleted events as well or exclusively. Default is 'active'
  "approvedFilter":string,   //[string] [all,approved,unapproved] Filter for only approved timesheet entries. One of ['all','approved','unapproved']. Default is 'all'
  "employeeList":array,      //[array] Array of employee guid's
  "groupList":array,         //[array] Array of group guid's
  "jobList":array,           //[array] Array of job guid's
  "includeEmployeeIds":array,//[array] undefined
  "excludeEmployeeIds":array,//[array] undefined
  "includeGroupIds":array,   //[array] undefined
  "excludeGroupIds":array,   //[array] undefined
  "includeJobIds":array,     //[array] undefined
  "excludeJobIds":array,     //[array] undefined
  "includeServiceItemIds":array,//[array] undefined
  "excludeServiceItemIds":array,//[array] undefined
  "includeDeletedCustomFields":boolean,//[boolean] Include custom field data attached to the clock event even if the custom field has been deleted
  "requestExtraData":{       //Data returned will be minimal unless additional fields or objects are requested
    "reportsIn":boolean,     //[boolean] Include clock in reports for each clock event
    "reportsOut":boolean,    //[boolean] Include clock out reports for each clock event
    "customFieldsIn":boolean,//[boolean] Include clock in custom field data for each clock event
    "customFieldsOut":boolean,//[boolean] Include clock out custom field data for each clock event
    "editEmployee":boolean,  //[boolean] Include the last employee to edit each clock event
    "editReport":boolean,    //[boolean] Include all edit notes for each clock event
    "webInfoIn":boolean,     //[boolean] Include clock in details for web clocks if available. IP, Browser, etc...
    "phoneInfoIn":boolean,   //[boolean] Include clock in details for phone clocks if available. Caller ID, etc...
    "smsInfoIn":boolean,     //[boolean] Include clock in details for sms clocks if available. Caller ID, etc...
    "appInfoIn":boolean,     //[boolean] Include clock in details for app clocks if available. IP, Device, etc...
    "gpsInfoIn":boolean,     //[boolean] Include clock in GPS info if available. Lat, Lng, etc...
    "webInfoOut":boolean,    //[boolean] Include clock out details for web clocks if available. IP, Browser, etc...
    "phoneInfoOut":boolean,  //[boolean] Include clock out details for phone clocks if available. Caller ID, etc...
    "smsInfoOut":boolean,    //[boolean] Include clock out details for sms clocks if available. Caller ID, etc...
    "appInfoOut":boolean,    //[boolean] Include clock out details for app clocks if available. IP, Device, etc...
    "gpsInfoOut":boolean     //[boolean] Include clock out GPS info if available. Lat, Lng, etc...
  },
  "reportType":string        //[string] Custom report or not?
}

Response

[
  {
    "guid": "b0bf0bfa-0198-401a-bad1-89cc45afa6cf",
    "rootGuid": "b0bf0bfa-0198-401a-bad1-89cc45afa6cf",
    "employeeGuid": "21dbbb05-f53f-4095-9448-a289ffd9c1f9",
    "jobGuid": "3cdf9e3e-652e-48bf-9ff4-c5f50f1a1bff",
    "jobCode": null,
    "jobName": null,
    "serviceItemGuid": null,
    "serviceItemCode": null,
    "serviceItemName": null,
    "serviceRatePennies": 0,
    "start": "2009-01-01T08:05:00.000Z",
    "end": "2009-01-01T17:49:00.000Z",
    "duration": 584,
    "clockInReportId": null,
    "inDetails": {
      "method": "phone",
      "report": {
        "type": "audio",
        "url": "https://url.to.the.report/mp3/or/wav"
      },
      "callerID": "+15055551234",
      "calledNumber": "+15055550000",
      "callLength": "37"
    },
    "clockOutReportId": null,
    "outDetails": {
      "method": "web",
      "report": {
        "type": "text",
        "value": "Lab session went perfectly"
      },
      "ipAddress": "192.168.0.25",
      "userAgent": "chrome browser"
    },
    "deleted": false,
    "flags": 10,
    "gpsFlags": 0,
    "updateDate": null,
    "flagged": {
      "accessControlCallerIDClockIn": true
    },
    "approved": true
  },
  {
    "guid": "21e01763-0b5c-43bc-aca9-6ca656878ded",
    "rootGuid": "21e01763-0b5c-43bc-aca9-6ca656878ded",
    "employeeGuid": "cee90853-9d16-4989-b3d4-bf2c9720d499",
    "jobGuid": "c3a0726f-c5d0-4980-a25a-79bf84982953",
    "jobCode": null,
    "jobName": null,
    "serviceItemGuid": null,
    "serviceItemCode": null,
    "serviceItemName": null,
    "serviceRatePennies": 0,
    "start": "2009-02-01T08:27:00.000Z",
    "end": "2009-02-01T12:12:00.000Z",
    "duration": 225,
    "clockInReportId": null,
    "inDetails": {
      "method": "sms",
      "callerID": "+15055551234",
      "calledNumber": "+15055550000",
      "rawSMS": "in 625 100"
    },
    "clockOutReportId": null,
    "outDetails": {
      "method": "mobileWeb",
      "ipAddress": "192.168.0.119",
      "userAgent": "iphone/safari browser",
      "geoTagging": {
        "latitude": "49.264585002149",
        "longitude": "-123.12476435135",
        "accuracy": 25
      }
    },
    "deleted": false,
    "flags": 42,
    "gpsFlags": 0,
    "updateDate": null,
    "flagged": {
      "accessControlCallerIDClockIn": true,
      "jobRulesAssignmentMismatch": true
    },
    "approved": true
  },
  {
    "guid": "21e01763-0b5c-43bc-aca9-6ca656878ded",
    "rootGuid": "21e01763-0b5c-43bc-aca9-6ca656878ded",
    "employeeGuid": "77f8a6e6-a75e-4a89-95ab-a1a1ccbd79fe",
    "jobGuid": "5aa39fd7-6974-4ea5-9a2b-b229370fcde9",
    "jobCode": null,
    "jobName": null,
    "serviceItemGuid": null,
    "serviceItemCode": null,
    "serviceItemName": null,
    "serviceRatePennies": 0,
    "start": "2009-02-01T08:27:00.000Z",
    "end": "2009-02-01T12:12:00.000Z",
    "duration": 225,
    "clockInReportId": null,
    "inDetails": {
      "method": "phone",
      "callerID": "+15055551234",
      "calledNumber": "+15055550000"
    },
    "clockOutReportId": null,
    "outDetails": {
      "method": "phone",
      "callerID": "+15055551234",
      "calledNumber": "+15055550000"
    },
    "deleted": false,
    "flags": 24,
    "gpsFlags": 0,
    "updateDate": null,
    "flagged": {
      "accessControlCallerIDClockIn": true,
      "accessControlCallerIDClockOut": true
    }
  }
]
Notes
duration: in minutes inDetails.method: 'phone', 'sms', 'web', 'mobileWeb', 'edit', 'manualEntry'

Payroll

Gets the payroll items
Description
Gets the payroll items
HTTP POST

https://api.vericlock.com/api/1.0/payroll/query

Post Body

{
  "guid":string,             //[string] Payroll Item's guid
  "status":string,array      //[string,array] Payroll Item's status
}
Create payroll item
Description
Creates a new payroll item. Returns the newly created payroll item on success.
HTTP POST

https://api.vericlock.com/api/1.0/payroll/create

Post Body

{                            //PayrollItem Object. Describes a payroll item
  "name":string,             //(Required)[string] Name for the payroll item.
  "description":string,      //[string] Description of the payroll item.
  "status":string,           //[string] [active,inactive,deleted] Payroll item's active status
  "type":string,             //[string] [hourly,overtime,salary] Payroll item's pay type
  "linkedGuid":string,       //[string] Guid of linked payroll item
  "multiplier":number        //[number] Multiplier for the payroll item rate. This is only valid if linkedGuid is valid
}

Response

{
  "guid": "0304c2c9-188d-4186-bcc6-b6aee86eb3c9",
  "name": "Painting overtime",
  "description": "Overtime payroll for painting",
  "status": "active",
  "type": "hourly",
  "linkedGuid": null,
  "linkedName": null,
  "multiplier": null,
  "createdDate": "2025-05-08T22:48:25.000Z",
  "updateSyncId": 0
}
Update payroll items
Description
Update a payroll item with the posted payroll item object. The posted payroll item may be incomplete, only set fields will be updated.
HTTP POST

https://api.vericlock.com/api/1.0/payroll/:guid/update

URI Parameters

Parameter Type Required | Optional Description
guid string Required Payroll item's guid

Post Body

{                            //PayrollItem Object. Describes a payroll item
  "name":string,             //[string] Name for the payroll item.
  "description":string,      //[string] Description of the payroll item.
  "status":string,           //[string] [active,inactive,deleted] Payroll item's active status
  "type":string,             //[string] [hourly,overtime,salary] Payroll item's pay type
  "linkedGuid":string,       //[string] Guid of linked payroll item
  "multiplier":number        //[number] Multiplier for the payroll item rate. This is only valid if linkedGuid is valid
}

Response

{
  "guid": "0304c2c9-188d-4186-bcc6-b6aee86eb3c9",
  "name": "Painting overtime",
  "description": "Overtime payroll for painting",
  "status": "active",
  "type": "hourly",
  "linkedGuid": null,
  "linkedName": null,
  "multiplier": null,
  "createdDate": "2025-05-08T22:48:25.000Z",
  "updateSyncId": 0
}
Notes
* Some fields are not directly changeable such as guid
Gets payroll item rules
Description
Gets the list of payroll item rules
HTTP POST

https://api.vericlock.com/api/1.0/payroll/queryRules

Post Body

{
  "payType":integer,         //[integer] Pay type
  "jobGuid":string,          //[string] Job's guid
  "serviceItemGuid":string,  //[string] Service item's guid
  "employeeGuid":string,     //[string] Employee's guid
  "groupGuid":string,        //[string] Group's guid
  "payrollItemGuid":string   //[string] Payroll item's guid
}
Creates a payroll item rule
Description
Creates a payroll item rule
HTTP POST

https://api.vericlock.com/api/1.0/payroll/createRule

Post Body

{
  "payType":integer,         //(Required)[integer] Pay type
  "jobGuid":string,          //(Required)[string] Job's guid
  "serviceItemGuid":string,  //(Required)[string] Service item's guid
  "employeeGuid":string,     //(Required)[string] Employee's guid
  "groupGuid":string,        //(Required)[string] Group's guid
  "payrollItemGuid":string   //(Required)[string] Payroll item's guid
}
Delete a payroll item rule
Description
Delete a payroll item rule
HTTP POST

https://api.vericlock.com/api/1.0/payroll/deleteRule

Post Body

{
  "payType":integer,         //(Required)[integer] Pay type
  "jobGuid":string,          //(Required)[string] Job's guid
  "serviceItemGuid":string,  //(Required)[string] Service item's guid
  "employeeGuid":string,     //(Required)[string] Employee's guid
  "groupGuid":string,        //(Required)[string] Group's guid
  "payrollItemGuid":string   //(Required)[string] Payroll item's guid
}
Queries payroll info for specified employee
Description
Queries payroll info for specified employee
HTTP POST

https://api.vericlock.com/api/1.0/payroll/queryPayrollInfo

Post Body

{
  "employeeGuid":string      //(Required)[string] Employee's guid
}

ServiceItem

Activity Notes - Files

File activity notes
File Activity Note Upload
Description
Uploads file activity note to server
HTTP POST

https://api.vericlock.com/api/1.0/files/clockevent/upload

Post Body

{
  "clockEventGuid":string,   //(Required)[string] Clock event's guid
  "originalFileName":string, //(Required)[string] Original file name from user
  "description":string       //[string] Description of picture
}
File Activity Notes Get
Description
Gets file activity note from server
HTTP POST

https://api.vericlock.com/api/1.0/files/clockevent/get

Post Body

{
  "clockEventGuid":string,   //[string] Clock event's root guid
  "employeeGuid":string,     //[string] Employee's guid
  "jobGuid":string,          //[string] Job's guid
  "startDate":string,        //[string] Search period begins at this date-time (UTC)
  "endDate":string           //[string] Search period ends at this date-time (UTC)
}

Response

[
  {
    "guid": "8e153f4f-37ba-4657-8105-dbc661e02942",
    "createDate": "2020-12-08T19:37:48.000Z",
    "fileURL": "https://s3.amazonaws.com/CustomerClockEventFilesDev/xxxxxxxxxxxx.png",
    "fileSize": 113167,
    "fileType": "Image",
    "metadata": {
      "fileName": "xxxxxxxxxxxxx.png",
      "originalFileName": "floorplan.png",
      "description": "Floor plan of the garage - note the window placement"
    },
    "clockEventRootGuid": "dd7a0a7e-f579-439a-840a-16e9f07d9423",
    "employeeGuid": "95cfc3d1-684c-4048-89d6-4b7c1de572a2",
    "employeeName": "Jane Smith",
    "jobGuid": "992f59bf-7f4c-4f43-adfa-f2eb0f91b277",
    "jobName": "Garage Inspection - 556"
  }
]
File Activity Note Delete
Description
Delete file activity note
HTTP POST

https://api.vericlock.com/api/1.0/files/clockevent/delete

Post Body

{
  "fileGuid":string          //(Required)[string] File's guid
}
File Activity Note Delete List
Description
Deletes file activity notes by list
HTTP POST

https://api.vericlock.com/api/1.0/files/clockevent/deleteList

Post Body

{
  "guidList":array           //(Required)[array] undefined
}

Activity Notes - Text

Text only activity notes
Activity Notes Upload
Description
Uploads text only activity note to server
HTTP POST

https://api.vericlock.com/api/1.0/attachments/text/create

Post Body

{
  "clockEventGuid":string,   //(Required)[string] Clock event's guid
  "report":string            //(Required)[string] Report description
}
Text Activity Notes Get
Description
Gets text only activity note from server
HTTP POST

https://api.vericlock.com/api/1.0/attachments/text/get

Post Body

{
  "clockEventGuid":string,   //[string] Clock event's root guid
  "employeeGuid":string,     //[string] Employee's guid
  "jobGuid":string,          //[string] Job's guid
  "startDate":string,        //[string] Search period begins at this date-time (UTC)
  "endDate":string           //[string] Search period ends at this date-time (UTC)
}

Response

[
  {
    "guid": "24d4d179-2bf9-474c-b2c8-2a79ed8853db",
    "createDate": "2020-12-08T20:09:31.000Z",
    "report": "Roof needs a closer inspection next visit",
    "clockEventRootGuid": "dd7a0a7e-f579-439a-840a-16e9f07d9423",
    "employeeGuid": "95cfc3d1-684c-4048-89d6-4b7c1de572a2",
    "employeeName": "Jane Smith",
    "jobGuid": "992f59bf-7f4c-4f43-adfa-f2eb0f91b277",
    "jobName": "Garage Inspection - 556"
  }
]
Text Activity Note Delete
Description
Delete text activity note
HTTP POST

https://api.vericlock.com/api/1.0/attachments/text/delete

Post Body

{
  "reportGuid":string        //(Required)[string] Report's guid
}
Text Activity Note Delete List
Description
Deletes text activity notes by list
HTTP POST

https://api.vericlock.com/api/1.0/attachments/text/deleteList

Post Body

{
  "guidList":array           //(Required)[array] undefined
}

Settings - Clock Access Control

Methods for changing the clock in/out access control settings
Create caller ID Access Rule
Description
Creates/updates a caller ID access rule for job referenced by URI parameter :jobGuid
HTTP POST

https://api.vericlock.com/api/1.0/settings/accessControl/callerID/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Required The GUID of the job this rule will apply to or 'global' for the global rules

Post Body

{
  "permission":string,       //(Required)[string] [allow,deny] Permission type
  "flagOnly":boolean,        //[boolean] Flag Only - if true, clocks matching rule are not blocked, but are instead flagged only
  "phoneNumber":string,      //[string] Phone number for the rule, blank for generic base case. International format.
  "notes":string             //[string] Short description about the phone number
}
Get caller ID Access Rule
Description
Retrieves all or a specific caller ID access rule referenced by URI parameter :jobGuid
HTTP GET

https://api.vericlock.com/api/1.0/settings/accessControl/callerID/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Optional The GUID of the job this rule will apply to - use 'global' to refer to the global rules. Leave empty to retrieve all rules.
Removes a caller ID access rule
Description
URI parameter :jobGuid refers to the rule to be deleted.
HTTP DELETE

https://api.vericlock.com/api/1.0/settings/accessControl/callerID/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Optional The GUID of the job this rule will apply to - use 'global' to refer to the global rules.

Post Body

{
  "phoneNumber":string       //[string] Phone number for the rule, blank for generic base case, wildcard * for entire rule.  International format.
}
Create IP Address Access Rule
Description
Creates/updates a IP Address access rule for job referenced by URI parameter :jobGuid
HTTP POST

https://api.vericlock.com/api/1.0/settings/accessControl/ipAddress/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Required The GUID of the job this rule will apply to or 'global' for the global rules

Post Body

{
  "permission":string,       //(Required)[string] [allow,deny] Permission type
  "flagOnly":boolean,        //[boolean] Flag Only - if true, clocks matching rule are not blocked, but are instead flagged only
  "ipAddress":string,        //[string] IP Address for the rule, blank for generic base case, wildcard * for entire rule..
  "notes":string             //[string] Short description about the IP address
}
Get IP Address Access Rule
Description
Retrieves all or a specific IP Address access rule referenced by URI parameter :jobGuid
HTTP GET

https://api.vericlock.com/api/1.0/settings/accessControl/ipAddress/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Optional The GUID of the job this rule will apply to - use 'global' to refer to the global rules. Leave empty to retrieve all rules.
Removes an IP Address access rule
Description
URI parameter :jobGuid refers to the rule to be deleted.
HTTP DELETE

https://api.vericlock.com/api/1.0/settings/accessControl/ipAddress/:jobGuid

URI Parameters

Parameter Type Required | Optional Description
jobGuid string Optional The GUID of the job this rule will apply to - use 'global' to refer to the global rules.

Post Body

{
  "ipAddress":string         //[string] IP Address for the rule, blank for generic base case, wildcard * for entire rule..
}

Webhooks 

function _validateSignature($privateKey, $data, $signature)
{
    $sig = hash_hmac('sha256', $data, $privateKey);
    return ($sig === $signature);
}
  • $privateKey is binary.
  • $data is the URI ('/' if blank) concatenated with the request body
  • $signature is the HEX string in the http header: VERICLOCK_SIGNATURE