Postback Security

<?php
   $secret = "SECRET_KEY"; // Get your secret from placement settings

   $subId = isset($_GET['subId']) ? $_GET['subId'] : null;
   $transId = isset($_GET['transId']) ? $_GET['transId'] : null;
   $reward = isset($_GET['reward']) ? $_GET['reward'] : null;
   $signature = isset($_GET['signature']) ? $_GET['signature'] : null;

   // Validate Signature
   if(md5($subId . $transId . $reward . $secret) != $signature)
   {
       echo "ERROR: Signature doesn't match";
       return;
   }

   // Further processing can be done here
   echo "Signature is valid. Process the postback.";
?>

from flask import Flask, request, jsonify
import hashlib

app = Flask(__name__)
secret = "SECRET_KEY"  # Get your secret from placement settings

@app.route('/postback', methods=['GET'])
def postback():
    subId = request.args.get('subId')
    transId = request.args.get('transId')
    reward = request.args.get('reward')
    signature = request.args.get('signature')

    # Validate Signature
    if hashlib.md5((subId + transId + reward + secret).encode()).hexdigest() != signature:
        return "ERROR: Signature doesn't match", 400

    # Further processing can be done here
    return "Signature is valid. Process the postback."

if __name__ == '__main__':
    app.run()