PHPackages acquia/http-hmac-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. acquia/http-hmac-php ActiveLibrary[HTTP & Networking](/categories/http) acquia/http-hmac-php ==================== An implementation of the HTTP HMAC Spec in PHP that integrates with popular libraries such as Symfony and Guzzle. 6.1.2(12mo ago)526.1M—0.8%33[5 issues](https://github.com/acquia/http-hmac-php/issues)[1 PRs](https://github.com/acquia/http-hmac-php/pulls)11MITPHPPHP >=7.3.0 Since Feb 15Pushed 9mo ago15 watchersCompare [ Source](https://github.com/acquia/http-hmac-php)[ Packagist](https://packagist.org/packages/acquia/http-hmac-php)[ Docs](https://github.com/acquia/http-hmac-php)[ RSS](/packages/acquia-http-hmac-php/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (10)Versions (41)Used By (11) HTTP HMAC Signer for PHP ======================== [](#http-hmac-signer-for-php) [![Build Status](https://camo.githubusercontent.com/a7a5245028c0ea4874cf514ee22636312a8167e51c3b53800c1c5900e403e01a/68747470733a2f2f7472617669732d63692e6f72672f6163717569612f687474702d686d61632d7068702e737667)](https://travis-ci.org/acquia/http-hmac-php)[![Total Downloads](https://camo.githubusercontent.com/af63e067e9d09e42ee2212fe8cd5e54f4625bec996dc1acfbccc4aed8720042a/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f646f776e6c6f616473)](https://packagist.org/packages/acquia/http-hmac-php)[![Latest Stable Version](https://camo.githubusercontent.com/5750ac80c44463547800c1fd17536d621f95bc33ef2cb4ae16846a2df7456580/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f762f737461626c652e737667)](https://packagist.org/packages/acquia/http-hmac-php)[![License](https://camo.githubusercontent.com/0e401c84b7d28dcb62a83a61561924fd205a3e7bab3d393e6e23029a61894b99/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f6c6963656e73652e737667)](https://packagist.org/packages/acquia/http-hmac-php) This library implements version 2.0 of the [HTTP HMAC Spec](https://github.com/acquia/http-hmac-spec/tree/2.0) to sign and verify RESTful Web API requests. It integrates with popular frameworks and libraries, like Symfony and Guzzle, and can be used on both the server and client. Installation ------------ [](#installation) Use [Composer](http://getcomposer.org) and add it as a dependency to your project's composer.json file: ``` { "require": { "acquia/http-hmac-php": "^5.0" } } ``` Please refer to [Composer's documentation](https://github.com/composer/composer/blob/master/doc/00-intro.md#introduction) for more detailed installation and usage instructions. Usage ----- [](#usage) ### Sign an API request sent via Guzzle [](#sign-an-api-request-sent-via-guzzle) ``` require_once 'vendor/autoload.php'; use Acquia\Hmac\Guzzle\HmacAuthMiddleware; use Acquia\Hmac\Key; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack; // Create the HTTP HMAC key. // A key consists of and ID and a Base64-encoded shared secret. // Note: the API provider may have already encoded the secret. In this case, it should not be re-encoded. $key_id = 'e7fe97fa-a0c8-4a42-ab8e-2c26d52df059'; $key_secret = base64_encode('secret'); $key = new Key($key_id, $key_secret); // Optionally, you can provide additional headers when generating the signature. // The header keys need to be provided to the middleware below. $headers = [ 'X-Custom-1' => 'value1', 'X-Custom-2' => 'value2', ]; // Specify the API's realm. // Consult the API documentation for this value. $realm = 'Acquia'; // Create a Guzzle middleware to handle authentication during all requests. // Provide your key, realm and the names of any additional custom headers. $middleware = new HmacAuthMiddleware($key, $realm, array_keys($headers)); // Register the middleware. $stack = HandlerStack::create(); $stack->push($middleware); // Create a client. $client = new Client([ 'handler' => $stack, ]); // Request. try { $result = $client->get('https://service.acquia.io/api/v1/widget', [ 'headers' => $headers, ]); } catch (ClientException $e) { print $e->getMessage(); $response = $e->getResponse(); } print $response->getBody(); ``` ### Authenticate the request using PSR-7-compatible requests [](#authenticate-the-request-using-psr-7-compatible-requests) ``` use Acquia\Hmac\RequestAuthenticator; use Acquia\Hmac\ResponseSigner; // $keyLoader implements \Acquia\Hmac\KeyLoaderInterface $authenticator = new RequestAuthenticator($keyLoader); // $request implements PSR-7's \Psr\Http\Message\RequestInterface // An exception will be thrown if it cannot authenticate. $key = $authenticator->authenticate($request); $signer = new ResponseSigner($key, $request); $signedResponse = $signer->signResponse($response); ``` ### Authenticate using Symfony's Security component [](#authenticate-using-symfonys-security-component) In order to use the provided Symfony integration, you will need to include the following optional libraries in your project's `composer.json` ``` { "require": { "symfony/psr-http-message-bridge": "~0.1", "symfony/security": "~3.0", "zendframework/zend-diactoros": "~1.3.5" } } ``` Sample implementation: ``` # app/config/parameters.yml parameters: hmac_keys: {"key": "secret"} # app/config/services.yml services: hmac.keyloader: class: Acquia\Hmac\KeyLoader arguments: $keys: '%hmac_keys%' hmac.request.authenticator: class: Acquia\Hmac\RequestAuthenticator arguments: - '@hmac.keyloader' public: false hmac.response.signer: class: Acquia\Hmac\Symfony\HmacResponseListener tags: - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse } hmac.entry-point: class: Acquia\Hmac\Symfony\HmacAuthenticationEntryPoint hmac.security.authentication.provider: class: Acquia\Hmac\Symfony\HmacAuthenticationProvider arguments: - '@hmac.request.authenticator' public: false hmac.security.authentication.listener: class: Acquia\Hmac\Symfony\HmacAuthenticationListener arguments: ['@security.token_storage', '@security.authentication.manager', '@hmac.entry-point'] public: false # app/config/security.yml security: # ... firewalls: hmac_auth: pattern: ^/api/ stateless: true hmac_auth: true ``` ``` // src/AppBundle/AppBundle.php namespace AppBundle; use Acquia\Hmac\Symfony\HmacFactory; use Symfony\Component\HttpKernel\Bundle\Bundle; use Symfony\Component\DependencyInjection\ContainerBuilder; class AppBundle extends Bundle { public function build(ContainerBuilder $container) { parent::build($container); $extension = $container->getExtension('security'); $extension->addSecurityListenerFactory(new HmacFactory()); } } ``` PHPUnit testing a controller using HMAC HTTP authentication in Symfony: 1. Add the service declaration: ``` # app/config/parameters_test.yml services: test.client.hmac: class: Acquia\Hmac\Test\Mocks\Symfony\HmacClient arguments: ['@kernel', '%test.client.parameters%', '@test.client.history', '@test.client.cookiejar'] ``` ``` // src/AppBundle/Tests/HmacTestCase.php namespace MyApp\Bundle\AppBundle\Tests; use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Symfony\Component\HttpFoundation\Response; use Symfony\Bundle\FrameworkBundle\Client; use Acquia\Hmac\Key; class HmacTestCase extends WebTestCase { /** * @var Client */ private $client; protected static function createClient(array $options = array(), array $server = array()) { $kernel = static::bootKernel($options); $client = $kernel->getContainer()->get('test.client.hmac'); $client->setServerParameters($server); return $client; } protected function setUp() { $this->client = static::createClient(); $this->client->setKey(new Key('my-key', 'my-not-really-secret')); } ``` Contributing and Development ---------------------------- [](#contributing-and-development) [GNU Make](https://www.gnu.org/software/make/) and [Composer](https://getcomposer.org) are used to manage development dependencies and testing: ``` # Install depdendencies make install # Run test suite make test ``` All code should adhere to the following standards: - [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md) - [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md) - [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md) - [PSR-7](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-7-http-message.md) Submit changes using GitHub's standard [pull request](https://help.github.com/articles/using-pull-requests) workflow. ### Health Score 58 — FairBetter than 98% of packages Maintenance53 Moderate activity, may be stable Popularity58 Moderate usage in the ecosystem Community39 Small or concentrated contributor base Maturity70 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~133 days Recently: every ~423 days Total 29 Last Release 361d ago Major Versions 1.0.1 → 2.1.02016-01-28 2.1.0 → 3.0.0-beta12016-04-14 3.4.0 → 4.0.02018-03-20 4.1.2 → 5.0.02020-09-30 5.0.0 → 6.0.02021-10-21 PHP version history (7 changes)0.7.0PHP >=5.3.0 1.0.0PHP >=5.4.0 2.0.0PHP >=5.5.0 4.0.0PHP ~5.6 || ~7.0 4.1.0PHP ^7.1 5.0.0PHP ^7.2 6.0.0PHP >=7.3.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/277116?v=4)[Mark Trapp](/maintainers/itafroma)[@itafroma](https://github.com/itafroma) ![](https://avatars.githubusercontent.com/u/514789?v=4)[Acquia](/maintainers/acquia)[@acquia](https://github.com/acquia) --- Top Contributors [![itafroma](https://avatars.githubusercontent.com/u/277116?v=4)](https://github.com/itafroma "itafroma (35 commits)")[![kevinhankens](https://avatars.githubusercontent.com/u/679364?v=4)](https://github.com/kevinhankens "kevinhankens (17 commits)")[![charuag](https://avatars.githubusercontent.com/u/7946259?v=4)](https://github.com/charuag "charuag (8 commits)")[![cpliakas](https://avatars.githubusercontent.com/u/482722?v=4)](https://github.com/cpliakas "cpliakas (8 commits)")[![ndelrossi](https://avatars.githubusercontent.com/u/6465291?v=4)](https://github.com/ndelrossi "ndelrossi (3 commits)")[![mansinahar](https://avatars.githubusercontent.com/u/11689819?v=4)](https://github.com/mansinahar "mansinahar (2 commits)")[![eduardoweiland](https://avatars.githubusercontent.com/u/1799015?v=4)](https://github.com/eduardoweiland "eduardoweiland (2 commits)")[![japerry](https://avatars.githubusercontent.com/u/445961?v=4)](https://github.com/japerry "japerry (2 commits)")[![peter279k](https://avatars.githubusercontent.com/u/9021747?v=4)](https://github.com/peter279k "peter279k (1 commits)")[![sagarsinha7777](https://avatars.githubusercontent.com/u/8352612?v=4)](https://github.com/sagarsinha7777 "sagarsinha7777 (1 commits)")[![scrutinizer-auto-fixer](https://avatars.githubusercontent.com/u/6253494?v=4)](https://github.com/scrutinizer-auto-fixer "scrutinizer-auto-fixer (1 commits)")[![secretsayan](https://avatars.githubusercontent.com/u/9529657?v=4)](https://github.com/secretsayan "secretsayan (1 commits)")[![smatyas](https://avatars.githubusercontent.com/u/534550?v=4)](https://github.com/smatyas "smatyas (1 commits)")[![SteveEdwardsAcquia](https://avatars.githubusercontent.com/u/34277959?v=4)](https://github.com/SteveEdwardsAcquia "SteveEdwardsAcquia (1 commits)")[![svolpe43](https://avatars.githubusercontent.com/u/2718969?v=4)](https://github.com/svolpe43 "svolpe43 (1 commits)")[![apathak18](https://avatars.githubusercontent.com/u/106175376?v=4)](https://github.com/apathak18 "apathak18 (1 commits)")[![ynx](https://avatars.githubusercontent.com/u/1379691?v=4)](https://github.com/ynx "ynx (1 commits)")[![blkperl](https://avatars.githubusercontent.com/u/175551?v=4)](https://github.com/blkperl "blkperl (1 commits)")[![cookieguru](https://avatars.githubusercontent.com/u/1888809?v=4)](https://github.com/cookieguru "cookieguru (1 commits)")[![Gaitholabi](https://avatars.githubusercontent.com/u/24876890?v=4)](https://github.com/Gaitholabi "Gaitholabi (1 commits)") ### Code Quality TestsPHPUnit Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/acquia-http-hmac-php/health.svg) ``` [![Health](https://phpackages.com/badges/acquia-http-hmac-php/health.svg)](https://phpackages.com/packages/acquia-http-hmac-php) ``` ### Alternatives [league/uri-interfaces Common tools for parsing and resolving RFC3987/RFC3986 URI 538204.9M23](/packages/league-uri-interfaces)[shopify/shopify-api Shopify API Library for PHP 4634.8M16](/packages/shopify-shopify-api)[laudis/neo4j-php-client Neo4j-PHP-Client is the most advanced PHP Client for Neo4j 184616.9k31](/packages/laudis-neo4j-php-client)[http-interop/response-sender A function to convert PSR-7 Response to HTTP output 46711.5k40](/packages/http-interop-response-sender)[phpro/http-tools HTTP tools for developing more consistent HTTP implementations. 28137.8k](/packages/phpro-http-tools)[mezzio/mezzio-authentication-oauth2 OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications. 28483.0k2](/packages/mezzio-mezzio-authentication-oauth2) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)