brandembassy/hmac-request-signature

This package's canonical repository appears to be gone and the package has been frozen as a result. Email us for help if needed.

Maintainers

Package info

github.com/BrandEmbassy/hmac-request-signature

pkg:composer/brandembassy/hmac-request-signature

Statistics

Installs: 98 652

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 1

Security

Advisories: 0

Aikido package health analysis

2.0 2023-09-07 21:16 UTC

Requires

Requires (Dev)

proprietary 70881936327a513aa2aba9138ce94114772c7aaa

This package is auto-updated.

Last update: 2025-06-04 09:37:16 UTC

README

This small library will allow you to sign http reuqests for future verification. This is typically used as optional security in webhook consuming apps

Installation

composer require brandembassy/hmac-request-signature

Usage

Signed requests contains HTTP headers X-Request-Signature: Signature itself (base64) X-Signature-Algorithm: Algorithm used to calc signature (default: sha256)

How to sign your requests

You need to use RequestSignerMiddleware in guzzle client handlers stack, you can use SignedRequestsClientFactory::create('{{yourSecretKey}}'). This middleware will calc signature from request payload and secret key and provide it in request header X-Request-Signature.

How to validate request signature

Just use SignedRequestValidator::validateSignature where exception is thrown in case signature validation failed