Authy API Webhook - Invalid Signature response

Question

I'm trying to create a Webhook according to the documentation page:

https://www.twilio.com/docs/authy/api/webhooks

My curl call looks like this:

curl -X POST "https://api.authy.com/dashboard/json/application/webhooks" \
   -d name="gridzdev_test" \
   -d app_api_key="7N0..." \
   -d access_key="4za..." \
   -d url="https://some-random-string.ngrok.io/api/2fa/webhook" \
   -d events="user_added" \
   -H "X-Authy-Signature-Nonce: FiNwPdKZci4l3LEn" \
   -H "X-Authy-Signature: feYEERfOSoWCB3ml5cnZFWs5xhc1sPeiWguhlJnokKQ="

Unfortunately, the response I receive is not what I expect:

{"message":"Invalid signature.","success":false,"error_code":"60000"}

The PHP code I'm using to generate signature:

public function handle() {
        $url = 'https://api.authy.com/dashboard/json/application/webhooks';
        $http_method = 'POST';
        $params = 'id=53';
        $nonce = 'FiNwPdKZci4l3LEn';

        $signing_key = 'pr...';

        $data = $nonce . '|' . $http_method . '|' . $url . '|' . $params;
        
        $digest = hash_hmac('sha256', $data, $signing_key, true); // TODO tried with binary = false, but no joy
        $digest_in_base64 = base64_encode($digest);

        $this->info("nonce = $nonce");
        $this->info("signature = $digest_in_base64");
    }