ayodvr / laravel-webhook-manager
A reusable package for Laravel that allows developers to receive, process, and manage incoming webhooks reliably.
Installs: 4
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Language:Blade
pkg:composer/ayodvr/laravel-webhook-manager
Requires
- php: ^8.2
- laravel/framework: ^10.0 || ^11.0 || ^12.0
- laravel/tinker: ^2.10.1
Requires (Dev)
- fakerphp/faker: ^1.23
- laravel/pail: ^1.2.2
- laravel/pint: ^1.24
- laravel/sail: ^1.41
- mockery/mockery: ^1.6
- nunomaduro/collision: ^8.6
- phpunit/phpunit: ^11.5.3
README
A reusable Laravel package for receiving, processing, and managing incoming webhooks reliably. It handles webhooks from multiple providers, prevents duplicates, and ensures high reliability for critical backend systems.
Features
- Signature Verification: Ensures incoming requests are authentic using HMAC-SHA256.
- Automatic Duplicate Prevention: Uses unique job IDs to prevent duplicate processing.
- Reliable Processing: Queue-based asynchronous processing with automatic retries.
- Event Dispatching: Fires Laravel events (
WebhookReceived) for easy integration. - Configurable: Customizable retry intervals, queue names, signature secrets, and more.
- Multiple Providers: Support for Stripe, PayPal, GitHub, and more.
Installation
Requirements
- PHP: ^8.2
- Laravel: ^10.0 || ^11.0 || ^12.0
Via Composer
composer require ayodvr/laravel-webhook-manager
Publish Configuration
Publish the configuration file:
php artisan vendor:publish --tag=webhook-config
Publish Migration
Run the migration to create the webhook events table:
php artisan migrate
Set your webhook signature secret in your .env file:
WEBHOOK_SIGNATURE_SECRET=your-secret-key-here
For Paystack Setup
- Get your webhook secret from the Paystack Dashboard → Settings → API Keys & Webhooks
- Set webhook URL to:
https://your-domain.com/webhooks/paystack - Test webhook using Paystack's dashboard webhook tester
Usage
Receiving Webhooks
Webhooks are automatically handled at the /webhooks/{provider} route. For example:
- Stripe:
POST /webhooks/stripe - PayPal:
POST /webhooks/paypal
Configure your webhook providers to send POST requests to these URLs with a X-Webhook-Signature header containing the HMAC-SHA256 signature of the request body.
Listening to Webhooks
Listen to the WebhookReceived event to process webhook data:
<?php namespace App\Listeners; use Cybrox\WebhookManager\Events\WebhookReceived; class ProcessStripeWebhook { public function handle(WebhookReceived $event): void { $webhookEvent = $event->webhookEvent; // Process the webhook based on provider and event type switch ($webhookEvent->provider) { case 'stripe': $this->handleStripeWebhook($webhookEvent); break; case 'paypal': $this->handlePaypalWebhook($webhookEvent); break; // Add more providers as needed } } private function handleStripeWebhook($event) { $payload = json_decode($event->payload, true); // Example: Handle payment succeeded if ($event->event_type === 'payment.succeeded') { // Update order status, send notifications, etc. } } }
Register the listener in EventServiceProvider:
protected $listen = [ WebhookReceived::class => [ ProcessStripeWebhook::class, ], ];
Configuration Options
Edit config/webhook-manager.php to customize behavior:
return [ 'signature_secret' => env('WEBHOOK_SIGNATURE_SECRET'), 'max_attempts' => env('WEBHOOK_MAX_ATTEMPTS', 3), 'queue' => env('WEBHOOK_QUEUE', 'webhooks'), 'providers' => [ 'stripe', 'paypal', 'github', ], ];
Security
- Webhooks are verified using HMAC-SHA256 signatures.
- Use HTTPS in production.
- Store signature secrets securely as environment variables.
Testing
Run the test suite:
php artisan test tests/Feature/WebhookTest.php
Contributing
Contributions are welcome! Please see the contributing guide for more details.
License
This package is open-sourced software licensed under the MIT license.