Laravel signature certification with web API server.

1.0.3 2017-12-05 12:26 UTC

This package is auto-updated.

Last update: 2020-07-22 05:03:44 UTC


Scrutinizer Code Quality Build Status Code Coverage Build Status Latest Stable Version Latest Unstable Version Latest Stable Version Total Downloads License


The larsign package authorized signature server.


  • Handles larsign requests


Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Add the HavenShen\Larsign\LarsignServiceProvider to your config/app.php providers array:


Add the HavenShen\Larsign\LarsignFacade to your config/app.php aliases array:

'Larsign' => HavenShen\Larsign\LarsignFacade::class,

Global usage

To allow Larsign for all your routes, add the HandleLarsign middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...

Group middleware

If you want to allow Larsign on a specific middleware group or route, add the HandleLarsign middleware to your group:

protected $middlewareGroups = [
    'web' => [
       // ...

    'api' => [
        // ...

Application route middleware

If you want to allow Larsign on a specific application middleware or route, add the HandleLarsign middleware to your application route:

protected $routeMiddleware = [
    // ...
    'auth.larsign' => \HavenShen\Larsign\HandleLarsign::class,


The defaults are set in config/larsign.php. Copy this file to your own config directory to modify the values. You can publish the config using this command:

$ php artisan vendor:publish --provider="HavenShen\Larsign\LarsignServiceProvider"
return [
     | Larsign
    'headerName' => env('LARSIGN_HEADER_NAME', 'Larsign'),
    'accessKey' => env('LARSIGN_ACCESS_KEY', ''),
    'secretKey' => env('LARSIGN_SECRET_KEY', ''),

Add api route in routes/api.php Copy this.

Route::middleware(['auth.larsign'])->group(function () {
    Route::get('/larsign', function () {
    return [
        'message' => 'done.'


Route::get('/larsign', function () {
    return [
        'message' => 'done.'


Generate Larsign signatures

  1. Assume the following management credentials:
AccessKey = "test"
SecretKey = "123456"
  1. Call interface address:
url = "https://larsign.dev/api/v1/test?page=1"
  1. The original string to be signed:

note: the time-stamping followed by a newline [currenttime + voucher valid seconds]

signingStr = "/api/v1/test?page=1\n1510986405"
  1. Base64 url safe encode:
signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. hmac_sha1 carries SecretKey encryption then base64 url safe encode:
sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="
  1. The final administrative credentials are:

note: stitching headerName Space AccessKey:sign:signingStrBase64UrlSafeEncode

larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. Add http header:

note: header key in config/larsign.php -> headerName

Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1

Client signature authorization failed

Http Response: 403


$ phpunit


The MIT License (MIT). Please see License File for more information.