Generate a url with an expiration date and signature to prevent unauthorized access

v1.0.3 2017-10-20 01:04 UTC

This package is not auto-updated.

Last update: 2022-01-22 14:11:43 UTC


This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

$urlAuth = new Md5('randomkey');

$urlAuth->sign('https://myapp.com', 30, 'days');

// => The generated url will be valid for 30 days

This will output an URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx.

Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:



The package can installed via Composer:

composer require abovesky/url-auth


A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.

use abovesky\UrlAuth\Md5;

$urlAuth = new Md5('mysecretkey');

Generating URLs

Signed URLs can be generated by providing a regular URL and an expiration date to the sign method.

$expirationDate = (new DateTime)->modify('10 days');

$urlAuth->sign('https://myapp.com', $expirationDate);

// => The generated url will be valid for 10 days

If an integer is provided as expiration date, the url will be valid for that amount of days.

$urlAuth->sign('https://myapp.com', 30, 'days');

// => The generated url will be valid for 30 days

Validating URLs

To validate a signed URL, simply call the validate() method. This will return a boolean.


// => true


// => false

Writing custom signers

This packages provides a signer that uses md5 to generate signature. You can create your own signer by implementing the abovesky\UrlAuth\iUrlAuth-interface. If you let your signer extend abovesky\UrlAuth\Base you'll only need to provide the createSignature-method.


The tests can be run with:

$ vendor/bin/phpspec run


The MIT License (MIT). Please see License File for more information.