How I did it in the past was doing everything in one script.
The PHP script runs this statement:
$contents = file_get_contents(‘php://input’);
If the contents are empty, then it checks and creates the required hook.
If the contents were not empty, then it checks if the Hook Secret is present by doing the following:
isset($_SERVER[‘HTTP_X_HOOK_SECRET’])
If the Hook Secret is present, then it auto-verifies by doing the following:
header('X-Hook-Secret: ’ . $_SERVER[‘HTTP_X_HOOK_SECRET’]);
If there is Contents, but no Hook Secret, then the Rest Hook has posted data in which you can process it accordingly.
Hope that helps.