diff --git a/src/LaravelEcho/Http/Controllers/EchoController.php b/src/LaravelEcho/Http/Controllers/EchoController.php
index dd0200a..b62549e 100644
--- a/src/LaravelEcho/Http/Controllers/EchoController.php
+++ b/src/LaravelEcho/Http/Controllers/EchoController.php
@@ -42,6 +42,7 @@ abstract class EchoController implements HttpServerInterface
         $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
         $this->verifyAppId($laravelRequest->appId);
+        $this->verifySignature($laravelRequest);
         $response = $this($laravelRequest);
@@ -80,5 +81,23 @@ abstract class EchoController implements HttpServerInterface
         throw new HttpException(401, "Unknown app id `{$appId}` provided.");
     }
+    protected function verifySignature(Request $request)
+    {
+        $bodyMd5 = md5($request->getContent());
+
+        $signature =
+            "{$request->getMethod()}\n/{$request->path()}\n".
+            "auth_key={$request->get('auth_key')}".
+            "&auth_timestamp={$request->get('auth_timestamp')}".
+            "&auth_version={$request->get('auth_version')}".
+            "&body_md5={$bodyMd5}";
+
+        $authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);
+
+        if ($authSignature !== $request->get('auth_signature')) {
+            throw new HttpException(401, 'Invalid auth signature provided.');
+        }
+    }
+
     abstract public function __invoke(Request $request);
 }
\ No newline at end of file
diff --git a/src/LaravelEcho/Http/Controllers/TriggerEvent.php b/src/LaravelEcho/Http/Controllers/TriggerEvent.php
index 7ede325..2fbcf7f 100644
--- a/src/LaravelEcho/Http/Controllers/TriggerEvent.php
+++ b/src/LaravelEcho/Http/Controllers/TriggerEvent.php
@@ -2,9 +2,7 @@
 namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;
-use BeyondCode\LaravelWebSockets\ClientProviders\Client;
 use Illuminate\Http\Request;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 class TriggerEvent extends EchoController
 {
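Review bot: The final check in the new verifySignature (second hunk) compares the HMAC with `!==`, which is not constant-time; use `if (! hash_equals($authSignature, (string) $request->get('auth_signature'))) {` instead, the cast keeping a missing parameter a plain mismatch rather than a TypeError. `auth_timestamp` is folded into the signed string but never compared with the current time, so a captured request remains valid indefinitely; reject it when it falls outside an acceptable window, e.g. `if (abs(time() - (int) $request->get('auth_timestamp')) > 600) { throw new HttpException(401, 'Auth timestamp expired.'); }`, with the window as a class constant. The method also lacks a return type and any docblock; add `: void` and a comment stating that the signed string is the method, the path and the `auth_*` query fields plus the body MD5, so that signing clients can be checked against it. Because the call added in the first hunk runs after verifyAppId, `Client::findByAppId()` presumably cannot return null here, but that ordering dependency deserves a one-line comment at the call site; the enclosing class starts outside both hunks.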
@@ -24,22 +22,4 @@ class TriggerEvent extends EchoController
         return $request->json()->all();
     }
-
-    protected function verifySignature(Request $request)
-    {
-        $bodyMd5 = md5($request->getContent());
-
-        $signature =
-            "POST\n/apps/{$request->get('appId')}/events\n".
-            "auth_key={$request->get('auth_key')}".
-            "&auth_timestamp={$request->get('auth_timestamp')}".
-            "&auth_version={$request->get('auth_version')}".
-            "&body_md5={$bodyMd5}";
-
-        $authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);
-
-        if ($authSignature !== $request->get('auth_signature')) {
-            throw new HttpException(401, 'Invalid auth signature provided.');
-        }
-    }
 }
\ No newline at end of file