A simple library for API request authentication.

v0.10.3 2018-11-11 21:05 UTC


Build Status Coverage Status Latest Stable Version PHP 7.1 License

This PHP library provides a generic interface for authenticating outbound API requests and for verifying inbound API requests' authentication.

It is released under the MIT License.


Via Composer: $ composer require mle86/request-authentication

Or insert this into your project's composer.json file:

"require": {
    "mle86/request-authentication": "^0"

Dependencies and Minimum PHP Version


This library contains several AuthenticationMethod classes.

Each of those represents one mechanism for request authentication and verification. The BasicAuthenticationMethod for example adds an Authorization: Basic … HTTP header to outbound requests and verifies that header in inbound requests against a list of known usernames and their passwords.

Usually the AuthenticationMethod classes won't be used directly (apart from instantiating them), there's the RequestAuthenticator and RequestVerifier wrapper classes instead that take an AuthenticationMethod dependency.

To sign/authenticate an outbound request you'll need an AuthenticationMethod instance wrapped in a RequestAuthenticator instance, a client ID and a client secret, and the request to sign. The authenticate() method will add the required authentication headers to the request so that it can be sent.

To verify an inbound request you'll need an AuthenticationMethod instance of the same class wrapped in a RequestVerifier instance and a KeyRepository that will map the request's client ID to the same client secret used for signing the request.
(In case of the PublicKeyMethod class, the client will use its private key for signing and the KeyRepository must return the client's public key.)

Classes and Interfaces

More Documentation