private function checkApiAccess(Request $request) { $key = $request->headers->get('authorization'); if (null !== $key) { $key = substr($key, 6); } $apiAccount = ApiQuery::create()->findOneByApiKey($key); if (null === $apiAccount) { throw new UnauthorizedHttpException('Token'); } $secureKey = pack('H*', $apiAccount->getSecureKey()); $sign = hash_hmac('sha1', $request->getContent(), $secureKey); if ($sign != $request->query->get('sign')) { throw new PreconditionFailedHttpException('wrong body request signature'); } return $apiAccount; }