twilio - Authy API Webhook - 无效的签名响应

Question

我正在尝试根据文档页面创建一个 Webhook：

https://www.twilio.com/docs/authy/api/webhooks

我的 curl 调用如下所示：

curl -X POST "https://api.authy.com/dashboard/json/application/webhooks" \
   -d name="gridzdev_test" \
   -d app_api_key="7N0..." \
   -d access_key="4za..." \
   -d url="https://some-random-string.ngrok.io/api/2fa/webhook" \
   -d events="user_added" \
   -H "X-Authy-Signature-Nonce: FiNwPdKZci4l3LEn" \
   -H "X-Authy-Signature: feYEERfOSoWCB3ml5cnZFWs5xhc1sPeiWguhlJnokKQ="

不幸的是，我收到的回复不是我所期望的：

{"message":"Invalid signature.","success":false,"error_code":"60000"}

我用来生成签名的 PHP 代码：

public function handle() {
        $url = 'https://api.authy.com/dashboard/json/application/webhooks';
        $http_method = 'POST';
        $params = 'id=53';
        $nonce = 'FiNwPdKZci4l3LEn';

        $signing_key = 'pr...';

        $data = $nonce . '|' . $http_method . '|' . $url . '|' . $params;
        
        $digest = hash_hmac('sha256', $data, $signing_key, true); // TODO tried with binary = false, but no joy
        $digest_in_base64 = base64_encode($digest);

        $this->info("nonce = $nonce");
        $this->info("signature = $digest_in_base64");
    }