Search by 
Official PHP SDK for Webhook Platform
Maintainers
2.2.1
2026-03-01 17:59 UTC
Requires
- php: >=8.1
- ext-curl: *
- ext-json: *
Requires (Dev)
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.0
README
Official PHP SDK for Hookflow.
Requirements
- PHP 8.1+
- ext-json
- ext-curl
Installation
composer require webhook-platform/php
Quick Start
<?php
use Hookflow\Hookflow;
$client = new Hookflow(
apiKey: 'wh_live_your_api_key',
baseUrl: 'http://localhost:8080' // optional
);
// Send an event
$event = $client->events->send(
type: 'order.completed',
data: [
'orderId' => 'ord_12345',
'amount' => 99.99,
'currency' => 'USD',
]
);
echo "Event created: {$event['eventId']}\n";
echo "Deliveries created: {$event['deliveriesCreated']}\n";
API Reference
Events
// Send event with idempotency key
$event = $client->events->send(
type: 'order.completed',
data: ['orderId' => '123'],
idempotencyKey: 'unique-key'
);
Endpoints
// Create endpoint
$endpoint = $client->endpoints->create($projectId, [
'url' => 'https://api.example.com/webhooks',
'description' => 'Production webhooks',
'enabled' => true,
]);
// List endpoints
$endpoints = $client->endpoints->list($projectId);
// Update endpoint
$client->endpoints->update($projectId, $endpointId, [
'enabled' => false,
]);
// Delete endpoint
$client->endpoints->delete($projectId, $endpointId);
// Rotate secret
$updated = $client->endpoints->rotateSecret($projectId, $endpointId);
echo "New secret: {$updated['secret']}\n";
// Test endpoint connectivity
$result = $client->endpoints->test($projectId, $endpointId);
$status = $result['success'] ? 'passed' : 'failed';
echo "Test {$status}: {$result['latencyMs']}ms\n";
Subscriptions
// Subscribe endpoint to an event type
$subscription = $client->subscriptions->create($projectId, [
'endpointId' => $endpoint['id'],
'eventType' => 'order.completed',
'enabled' => true,
]);
// List subscriptions
$subscriptions = $client->subscriptions->list($projectId);
// Update subscription
$client->subscriptions->update($projectId, $subscriptionId, [
'eventType' => 'order.shipped',
'enabled' => true,
]);
// Delete subscription
$client->subscriptions->delete($projectId, $subscriptionId);
Deliveries
// List deliveries with filters
$deliveries = $client->deliveries->list($projectId, [
'status' => 'FAILED',
'page' => 0,
'size' => 20,
]);
echo "Total failed: {$deliveries['totalElements']}\n";
// Get delivery attempts
$attempts = $client->deliveries->getAttempts($deliveryId);
foreach ($attempts as $attempt) {
echo "Attempt {$attempt['attemptNumber']}: {$attempt['httpStatus']} ({$attempt['latencyMs']}ms)\n";
}
// Replay failed delivery
$client->deliveries->replay($deliveryId);
Incoming Webhooks
Receive, validate, and forward webhooks from third-party providers (Stripe, GitHub, Twilio, etc.).
Incoming Sources
// Create an incoming source with HMAC verification
$source = $client->incomingSources->create($projectId, [
'name' => 'Stripe Webhooks',
'slug' => 'stripe',
'providerType' => 'STRIPE',
'verificationMode' => 'HMAC_GENERIC',
'hmacSecret' => 'whsec_...',
'hmacHeaderName' => 'Stripe-Signature',
]);
echo "Ingress URL: {$source['ingressUrl']}\n";
// List sources
$sources = $client->incomingSources->list($projectId);
// Update source
$client->incomingSources->update($projectId, $sourceId, [
'name' => 'Stripe Production',
'rateLimitPerSecond' => 100,
]);
// Delete source
$client->incomingSources->delete($projectId, $sourceId);
Incoming Destinations
// Add a forwarding destination
$dest = $client->incomingSources->createDestination($projectId, $sourceId, [
'url' => 'https://your-api.com/webhooks/stripe',
'enabled' => true,
'maxAttempts' => 5,
'timeoutSeconds' => 30,
]);
// List destinations
$dests = $client->incomingSources->listDestinations($projectId, $sourceId);
// Update destination
$client->incomingSources->updateDestination($projectId, $sourceId, $destId, [
'enabled' => false,
]);
// Delete destination
$client->incomingSources->deleteDestination($projectId, $sourceId, $destId);
Incoming Events
// List incoming events (with optional source filter)
$events = $client->incomingEvents->list($projectId, [
'sourceId' => $sourceId,
'page' => 0,
'size' => 20,
]);
// Get event details
$event = $client->incomingEvents->get($projectId, $eventId);
// Get forward attempts
$attempts = $client->incomingEvents->getAttempts($projectId, $eventId);
// Replay event to all destinations
$result = $client->incomingEvents->replay($projectId, $eventId);
echo "Replayed to {$result['destinationsCount']} destinations\n";
Webhook Signature Verification
Verify incoming webhooks in your endpoint:
<?php
use Hookflow\Webhook;
use Hookflow\Exception\HookflowException;
// Get raw request body
$payload = file_get_contents('php://input');
$headers = getallheaders();
$secret = getenv('WEBHOOK_SECRET');
try {
// Option 1: Just verify
Webhook::verifySignature($payload, $headers['X-Signature'] ?? '', $secret);
// Option 2: Verify and parse
$event = Webhook::constructEvent($payload, $headers, $secret);
echo "Received {$event['type']}: " . json_encode($event['data']) . "\n";
// Handle the event
switch ($event['type']) {
case 'order.completed':
handleOrderCompleted($event['data']);
break;
}
http_response_code(200);
echo 'OK';
} catch (HookflowException $e) {
error_log("Webhook verification failed: {$e->getMessage()}");
http_response_code(400);
echo 'Invalid signature';
}
Laravel Example
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Hookflow\Webhook;
use Hookflow\Exception\HookflowException;
class WebhookController extends Controller
{
public function handle(Request $request)
{
$payload = $request->getContent();
$headers = $request->headers->all();
try {
$event = Webhook::constructEvent(
$payload,
$headers,
config('services.webhook.secret')
);
// Process event...
return response('OK', 200);
} catch (HookflowException $e) {
return response('Invalid signature', 400);
}
}
}
Symfony Example
<?php
namespace App\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Hookflow\Webhook;
use Hookflow\Exception\HookflowException;
class WebhookController
{
public function handle(Request $request): Response
{
$payload = $request->getContent();
$headers = $request->headers->all();
try {
$event = Webhook::constructEvent(
$payload,
$headers,
$_ENV['WEBHOOK_SECRET']
);
// Process event...
return new Response('OK', 200);
} catch (HookflowException $e) {
return new Response('Invalid signature', 400);
}
}
}
Error Handling
<?php
use Hookflow\Exception\HookflowException;
use Hookflow\Exception\RateLimitException;
use Hookflow\Exception\AuthenticationException;
use Hookflow\Exception\ValidationException;
try {
$client->events->send('test', []);
} catch (RateLimitException $e) {
// Wait and retry
$retryAfterMs = $e->getRetryAfterMs();
echo "Rate limited. Retry after {$retryAfterMs}ms\n";
usleep($retryAfterMs * 1000);
} catch (AuthenticationException $e) {
echo "Invalid API key\n";
} catch (ValidationException $e) {
echo "Validation failed: " . json_encode($e->getFieldErrors()) . "\n";
} catch (HookflowException $e) {
echo "Error {$e->getStatusCode()}: {$e->getMessage()}\n";
}
Configuration
$client = new Hookflow(
apiKey: 'wh_live_xxx', // Required: Your API key
baseUrl: 'https://api.example.com', // Optional: API base URL
timeout: 30 // Optional: Request timeout in seconds (default: 30)
);
Development
Running Tests
Local (requires PHP 8.1+):
composer install
composer test
Docker:
docker run --rm -v $(pwd):/app -w /app composer:2 sh -c "composer install && composer test"
License
MIT