Installs: 86 661

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1 006

Watchers: 17

Forks: 45

Open Issues: 0

v9.0.0 2024-03-25 20:55 UTC


GitHub Workflow Status 68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f636c61726b656173682f646f6f726d616e2e7376673f7374796c653d666f722d7468652d6261646765 GitHub release (latest SemVer) 687474703a2f2f696d672e736869656c64732e696f2f62616467652f617574686f722d40636c61726b656173682d626c75652e7376673f7374796c653d666f722d7468652d6261646765

Doorman provides a way to limit access to your Laravel applications by using invite codes.

Invite Codes:

  • Can be tied to a specific email address.
  • Can be available to anyone (great for sharing on social media).
  • Can have a limited number of uses or unlimited.
  • Can have an expiry date, or never expire.

Laravel Support

Laravel Doorman
5.x 3.x
6.x 4.x
7.x 5.x
8.x 6.x
9.x 7.x
10.x 8.x
11.x 9.x


You can pull in the package using composer:

$ composer require "clarkeash/doorman=^9.0"

Next, migrate the database:

$ php artisan migrate


Generate Invites

Make a single generic invite code with 1 redemption, and no expiry.


Make 5 generic invite codes with 1 redemption each, and no expiry.


Make an invite with 10 redemptions and no expiry.


Make an invite with unlimited redemptions and no expiry.


Make an invite that expires on a specific date.

$date = Carbon::now('UTC')->addDays(7);

Make an invite that expires in 14 days.


Make an invite for a specific person.


Alternatively instead of calling make() which will return a collection of invites you can call once() if you only want a single invite generated.

$invite = Doorman::generate()->for('')->once();

Redeem Invites

You can redeem an invite by calling the redeem method. Providing the invite code and optionally an email address.

// or
Doorman::redeem('ABCDE', '');

If doorman is able to redeem the invite code it will increment the number of redemptions by 1, otherwise it will throw an exception.

  • InvalidInviteCode is thrown if the code does not exist in the database.
  • ExpiredInviteCode is thrown if an expiry date is set and it is in the past.
  • MaxUsesReached is thrown if the invite code has already been used the maximum number of times.
  • NotYourInviteCode is thrown if the email address for the invite does match the one provided during redemption, or one was not provided during redemption.

All of the above exceptions extend DoormanException so you can catch that exception if your application does not need to do anything specific for the above exceptions.

try {
    Doorman::redeem(request()->get('code'), request()->get('email'));
} catch (DoormanException $e) {
    return response()->json(['error' => $e->getMessage()], 422);

Check Invites without redeeming them

You can check an invite by calling the check method. Providing the invite code and optionally an email address. (It has the same signature as the redeem method except it will return true or false instead of throwing an exception.

// or
Doorman::check('ABCDE', '');

Change Error Messages (and translation support)

In order to change the error message returned from doorman, we need to publish the language files like so:

$ php artisan vendor:publish --tag=doorman-translations

The language files will then be in /resources/lang/vendor/doorman/en where you can edit the messages.php file, and these messages will be used by doorman. You can create support for other languages by creating extra folders with a messages.php file in the /resources/lang/vendor/doorman directory such as de where you could place your German translations. Read the localisation docs for more info.


If you would perfer to validate an invite code before you attempt to redeem it or you are using Form Requests then you can validate it like so:

public function store(Request $request)
    $this->validate($request, [
        'email' => 'required|email|unique:users',
        'code' => ['required', new DoormanRule($request->get('email'))],

    // Add the user to the database.

You should pass the email address into the constructor to validate the code against that email. If you know the code can be used with any email, then you can leave the parameter empty.

Config - change table name

First publish the package configuration:

$ php artisan vendor:publish --tag=doorman-config

In config/doorman.php you will see:

return [
    'invite_table_name' => 'invites',

If you change the table name and then run your migrations Doorman will then use the new table name.


To remove used and expired invites you can use the cleanup command:

$ php artisan doorman:cleanup