Validar con headers

app/src/Middleware/API.php

@@ -88,7 +88,7 @@ class API
         $data = $this->externalPaths[$basePath][$subPath];
         if (isset($data['validator'])) {
             $method = [$data['validator'], 'validateToken'];
-            if ($method($request, $data['token'])) {
+            if ($method($request, $data)) {
                 return true;
             }
         }

app/src/Service/Venta/MediosPago/Toku.php

@@ -395,16 +395,24 @@ class Toku extends Ideal\Service
         return $data;
     }
 
-    public static function validateToken(ServerRequestInterface $request, string $token): bool
+    public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
     {
-        $tokenHeader = $request->getHeader('token');
+        if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) {
-        if (is_array($tokenHeader)) {
+            return false;
-            $tokenHeader = $tokenHeader[0];
         }
-        $json = json_decode($tokenHeader, true);
+        if (!$request->hasHeader('X-Datadog-Tags') or !$request->hasHeader('Tracestate')) {
-        if ($json !== null) {
+            return false;
-            $tokenHeader = $json;
         }
-        return strtolower($tokenHeader['header']) === 'x-api-key' and $tokenHeader['token'] === $token;
+        if (!$request->hasHeader('Toku-Signature')) {
+            return false;
+        }
+
+        $tracestate = explode(';', substr($request->getHeaderLine('Tracestate'), strlen('dd=')));
+        $ptid = substr(array_find($tracestate, fn($item) => str_starts_with($item, 't.tid:')), strlen('t.tid:'));
+        $datadogTags = explode(',', $request->getHeaderLine('X-Datadog-Tags'));
+        $tid = array_find($datadogTags, fn($item) => str_contains($item, 'p.tid='));
+        $tid = substr($tid, strpos($tid, 'p.tid=') + strlen('p.tid='));
+
+        return $tid === $ptid;
     }
 }