PHPackages aporat/laravel-auth-signature - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. aporat/laravel-auth-signature ActiveLibrary[Authentication & Authorization](/categories/authentication) aporat/laravel-auth-signature ============================= A Laravel package providing a middleware for validating API requests with HMAC-SHA256 signatures v1.0.0(1y ago)0818↑25%MITPHPPHP ^8.3CI passing Since Apr 9Pushed 2mo ago1 watchersCompare [ Source](https://github.com/aporat/laravel-auth-signature)[ Packagist](https://packagist.org/packages/aporat/laravel-auth-signature)[ Docs](https://github.com/aporat/laravel-auth-signature)[ GitHub Sponsors](https://github.com/aporat)[ RSS](/packages/aporat-laravel-auth-signature/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (6)Versions (3)Used By (0) Laravel Auth Signature ====================== [](#laravel-auth-signature) A robust Laravel package providing a middleware for validating API requests with **HMAC-SHA256** signatures. It features configurable signature templates, version-specific authentication settings, and a secure, time-based validation to protect your endpoints. [![Packagist Version](https://camo.githubusercontent.com/daff604984c1c3a11e50729535b7b2af820232ab020985112eddd2828b60c3d6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f61706f7261742f6c61726176656c2d617574682d7369676e61747572653f7374796c653d666c61742d737175617265)](https://packagist.org/packages/aporat/laravel-auth-signature)[![Packagist Downloads](https://camo.githubusercontent.com/6565a26a07ac963ca1bc9d65ee6510f0a11c447c6f7cc81bb0f07d941bba15de/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f61706f7261742f6c61726176656c2d617574682d7369676e61747572653f7374796c653d666c61742d737175617265)](https://packagist.org/packages/aporat/laravel-auth-signature)[![PHP Version](https://camo.githubusercontent.com/bf0b989e59b751fffb69dc1dd078fb0f3d5cc0e6013ddea7d2b2ed5452792b15/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d253545382e342d3737374242342e7376673f7374796c653d666c61742d737175617265)](https://php.net)[![Laravel Version](https://camo.githubusercontent.com/2b991e9f913596d5a7aceabd0e2ec6577dd57eb3a733714a7ac2756ac48d19b0/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d313225374331332d4646324432302e7376673f7374796c653d666c61742d737175617265)](https://laravel.com)[![GitHub Actions CI](https://camo.githubusercontent.com/c402484e7c99c2cdfb717a7261f823c1a73f3f5a7b36b4fb82d06d8c38855cc7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61706f7261742f6c61726176656c2d617574682d7369676e61747572652f63692e796d6c3f6272616e63683d6d61696e267374796c653d666c61742d737175617265)](https://github.com/aporat/laravel-auth-signature/actions)[![Code Coverage](https://camo.githubusercontent.com/b3b3b1037cc693b36ccf9d875ac68b6084df6a95e6907fcc2e22cd53446ca480/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f61706f7261742f6c61726176656c2d617574682d7369676e61747572653f7374796c653d666c61742d737175617265)](https://codecov.io/github/aporat/laravel-auth-signature)[![GitHub License](https://camo.githubusercontent.com/822b1aa9622d9a59450d8677c50c09be17088cbe750999dcfd30471106c3afe2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f61706f7261742f6c61726176656c2d617574682d7369676e61747572653f7374796c653d666c61742d737175617265)](LICENSE) --- ✨ Features ---------- [](#-features) - **HMAC-SHA256 Validation**: Securely validates incoming API requests. - **Configurable Signature Templates**: Easily define the exact order and components of the string-to-be-signed. - **Version-Specific Rules**: Apply different secrets, states, and signature templates based on an `X-Auth-Version` header. - **Timestamp Validation**: Protects against replay attacks by ensuring requests are recent. - **Simple Middleware Integration**: Secure your routes with a single middleware alias: `auth.signature`. - **Clean and Modern Codebase**: Fully typed, tested, and built on modern PHP and Laravel features. --- 📋 Requirements -------------- [](#-requirements) - **PHP**: ^8.4 - **Laravel**: 12.x or 13.x --- 🚀 Installation -------------- [](#-installation) 1. Install the package via Composer: ``` composer require aporat/laravel-auth-signature ``` 2. Publish the configuration file. The service provider is auto-discovered. ``` php artisan vendor:publish --provider="Aporat\AuthSignature\AuthSignatureServiceProvider" --tag="config" ``` This will create a new configuration file at `config/auth-signature.php`. --- 🔧 Configuration --------------- [](#-configuration) Edit `config/auth-signature.php` to define your clients, authentication versions, and settings. ```