PHPackages cline/webhook - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. cline/webhook ActiveLibrary[API Development](/categories/api) cline/webhook ============= Standard-compliant Laravel webhook client and server with HMAC and Ed25519 signature support 2.0.3(1mo ago)046↓33.3%1[1 PRs](https://github.com/faustbrian/webhook/pulls)MITPHPPHP ^8.5.0 Since Dec 24Pushed 1mo agoCompare [ Source](https://github.com/faustbrian/webhook)[ Packagist](https://packagist.org/packages/cline/webhook)[ RSS](/packages/cline-webhook/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (20)Versions (9)Used By (0) [![GitHub Workflow Status](https://github.com/faustbrian/webhook/actions/workflows/quality-assurance.yaml/badge.svg)](https://github.com/faustbrian/webhook/actions)[![Latest Version on Packagist](https://camo.githubusercontent.com/70d07af296f391c7ad95ee8e0703346aac401ace1a8ce5248e2fc1fea881ae99/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f636c696e652f776562686f6f6b2e737667)](https://packagist.org/packages/cline/webhook)[![Software License](https://camo.githubusercontent.com/784362b26e4b3546254f1893e778ba64616e362bd6ac791991d2c9e880a3a64e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d677265656e2e737667)](LICENSE.md)[![Total Downloads](https://camo.githubusercontent.com/5577af49b394bf4732cf40f6804da696ee5c6f0439b52eb64656653e216c1d4b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f636c696e652f776562686f6f6b2e737667)](https://packagist.org/packages/cline/webhook) --- Laravel Webhook Package ======================= [](#laravel-webhook-package) Standard-compliant Laravel webhook client and server with HMAC-SHA256 and Ed25519 signature support. Features -------- [](#features) ### Standard Webhooks Compliance [](#standard-webhooks-compliance) - Fully compliant with [Standard Webhooks specification](https://github.com/standard-webhooks/standard-webhooks/blob/main/spec/standard-webhooks.md) - Required headers: `webhook-id`, `webhook-timestamp`, `webhook-signature` - Signature formats: `v1,` (HMAC) and `v1a,` (Ed25519) - Timestamp validation for replay attack prevention - webhook-id as idempotency key ### Server Features (Sending Webhooks) [](#server-features-sending-webhooks) - Fluent API for webhook dispatch - Async dispatch via Laravel queues (default) + sync option - Conditional dispatch: `dispatchIf()`, `dispatchUnless()` - HMAC-SHA256 and Ed25519 signature generation - Automatic retry with exponential backoff - SSL verification with mutual TLS support - Events: DispatchingWebhookCallEvent, WebhookCallSucceededEvent, WebhookCallFailedEvent, FinalWebhookCallFailedEvent - Custom headers, proxy support, raw body transmission - Metadata attachment, tagging for Laravel Horizon ### Client Features (Receiving Webhooks) [](#client-features-receiving-webhooks) - Route macro: `Route::webhooks()` with CSRF bypass - Signature verification (both HMAC and Ed25519) - Request validation and filtering via WebhookProfile - Database storage in `webhook_calls` table - Async processing via ProcessWebhookJob - Configurable response handlers - Selective header storage - Automatic pruning with MassPrunable trait - Multi-tenant support (multiple webhook endpoints) Requirements ------------ [](#requirements) > **Requires [PHP 8.3+](https://php.net/releases/)** Installation ------------ [](#installation) ``` composer require cline/webhook ``` Publish the configuration file: ``` php artisan vendor:publish --tag="webhook-config" ``` Run the migrations: ``` php artisan migrate ``` Usage ----- [](#usage) ### Server Side (Sending Webhooks) [](#server-side-sending-webhooks) #### Basic Usage [](#basic-usage) ``` use Cline\Webhook\Server\WebhookCall; WebhookCall::create() ->url('https://example.com/webhooks') ->payload(['event' => 'user.created', 'user_id' => 123]) ->dispatch(); ``` #### Advanced Usage [](#advanced-usage) ``` use Cline\Webhook\Server\WebhookCall; use Cline\Webhook\Enums\SignatureVersion; WebhookCall::create() ->url('https://example.com/webhooks') ->payload([ 'event' => 'order.completed', 'order_id' => 456, 'total' => 99.99 ]) ->useSecret('your-secret-key') ->signatureVersion(SignatureVersion::V1_HMAC) ->withHeaders(['X-Custom-Header' => 'value']) ->meta(['internal_ref' => 'ABC123']) ->tags(['orders', 'high-priority']) ->maximumTries(5) ->timeoutInSeconds(10) ->onQueue('webhooks') ->dispatch(); ``` #### Conditional Dispatch [](#conditional-dispatch) ``` WebhookCall::create() ->url('https://example.com/webhooks') ->payload(['event' => 'user.updated']) ->dispatchIf($user->shouldNotifyWebhook()); ``` #### Synchronous Dispatch [](#synchronous-dispatch) ``` WebhookCall::create() ->url('https://example.com/webhooks') ->payload(['event' => 'critical.alert']) ->dispatchSync(); ``` #### Ed25519 Signatures [](#ed25519-signatures) ``` use Cline\Webhook\Enums\SignatureVersion; WebhookCall::create() ->url('https://example.com/webhooks') ->payload(['event' => 'secure.event']) ->signatureVersion(SignatureVersion::V1A_ED25519) ->useEd25519Key(env('WEBHOOK_ED25519_PRIVATE_KEY')) ->dispatch(); ``` ### Client Side (Receiving Webhooks) [](#client-side-receiving-webhooks) #### Setup Routes [](#setup-routes) In your `routes/web.php` or `routes/api.php`: ``` use Illuminate\Support\Facades\Route; Route::webhooks('webhooks/github', 'github'); Route::webhooks('webhooks/stripe', 'stripe'); ``` This creates POST routes that: - Bypass CSRF verification - Automatically verify signatures - Store webhook in database - Queue processing job #### Configure Webhook Endpoints [](#configure-webhook-endpoints) In `config/webhook.php`: ``` 'client' => [ 'configs' => [ 'github' => [ 'signing_secret' => env('GITHUB_WEBHOOK_SECRET'), 'signature_validator' => HmacValidator::class, 'webhook_profile' => ProcessEverything::class, 'webhook_response' => DefaultResponse::class, 'webhook_model' => WebhookCall::class, 'process_webhook_job' => ProcessWebhookJob::class, 'store_headers' => ['X-GitHub-Event', 'X-GitHub-Delivery'], 'delete_after_days' => 30, 'timestamp_tolerance_seconds' => 300, ], 'stripe' => [ 'signing_secret' => env('STRIPE_WEBHOOK_SECRET'), // ... similar configuration ], ], ], ``` #### Process Webhooks [](#process-webhooks) Create a custom processor by implementing the `ProcessesWebhook` interface: ``` namespace App\Webhooks; use Cline\Webhook\Client\Contracts\ProcessesWebhook; use Cline\Webhook\Client\Models\WebhookCall; class GitHubWebhookProcessor implements ProcessesWebhook { public function process(WebhookCall $webhookCall): void { $payload = $webhookCall->payload; match($payload['event']) { 'push' => $this->handlePush($payload), 'pull_request' => $this->handlePullRequest($payload), default => null, }; } private function handlePush(array $payload): void { // Handle push event } private function handlePullRequest(array $payload): void { // Handle PR event } } ``` Register in config: ``` 'github' => [ // ... 'webhook_processor' => \App\Webhooks\GitHubWebhookProcessor::class, ], ``` #### Custom Webhook Profiles (Filtering) [](#custom-webhook-profiles-filtering) ``` namespace App\Webhooks; use Cline\Webhook\Client\Contracts\WebhookProfile; use Illuminate\Http\Request; class OnlyProductionWebhooks implements WebhookProfile { public function shouldProcess(Request $request): bool { $payload = json_decode($request->getContent(), true); return $payload['environment'] === 'production'; } } ``` #### Listen to Events [](#listen-to-events) ``` use Cline\Webhook\Client\Events\WebhookReceivedEvent; use Cline\Webhook\Client\Events\WebhookProcessedEvent; use Cline\Webhook\Server\Events\WebhookCallFailedEvent; Event::listen(WebhookReceivedEvent::class, function ($event) { Log::info('Webhook received', [ 'id' => $event->webhookCall->webhook_id, 'config' => $event->configName, ]); }); Event::listen(WebhookCallFailedEvent::class, function ($event) { Log::error('Webhook dispatch failed', [ 'url' => $event->url, 'attempt' => $event->attempt, ]); }); ``` #### Query Webhooks [](#query-webhooks) ``` use Cline\Webhook\Client\Models\WebhookCall; // Get pending webhooks $pending = WebhookCall::pending()->get(); // Get webhooks for specific config $githubWebhooks = WebhookCall::forConfig('github')->get(); // Find by webhook ID (idempotency) $webhook = WebhookCall::byWebhookId('01HQWE...')->first(); // Retry failed webhook $webhook = WebhookCall::failed()->first(); $webhook->clearException(); $webhook->update(['status' => WebhookStatus::PENDING]); dispatch(new ProcessWebhookJob($webhook)); ``` #### Automatic Pruning [](#automatic-pruning) Add to `app/Console/Kernel.php`: ``` protected function schedule(Schedule $schedule): void { $schedule->command('model:prune', ['--model' => \Cline\Webhook\Client\Models\WebhookCall::class]) ->daily(); } ``` Configuration ------------- [](#configuration) ### Server Configuration [](#server-configuration) ``` 'server' => [ 'queue' => env('WEBHOOK_QUEUE'), // Queue for async dispatch 'http_verb' => 'POST', // HTTP method 'timeout_in_seconds' => 3, // Request timeout 'tries' => 3, // Max retry attempts 'backoff_strategy' => ExponentialBackoffStrategy::class, 'verify_ssl' => true, // Verify SSL certificates 'throw_exception_on_failure' => false, // Throw on final failure 'signature_version' => SignatureVersion::V1_HMAC->value, 'signing_secret' => env('WEBHOOK_SIGNING_SECRET'), 'ed25519_private_key' => env('WEBHOOK_ED25519_PRIVATE_KEY'), ], ``` ### Client Configuration [](#client-configuration) ``` 'client' => [ 'configs' => [ 'default' => [ 'signing_secret' => env('WEBHOOK_SECRET'), 'signature_validator' => HmacValidator::class, 'ed25519_public_key' => env('WEBHOOK_ED25519_PUBLIC_KEY'), 'webhook_profile' => ProcessEverything::class, 'webhook_response' => DefaultResponse::class, 'webhook_model' => WebhookCall::class, 'process_webhook_job' => ProcessWebhookJob::class, 'store_headers' => ['*'], // Or specific headers 'delete_after_days' => 30, 'timestamp_tolerance_seconds' => 300, ], ], ], ``` Testing ------- [](#testing) The package includes comprehensive tests for both HMAC and Ed25519 flows: ``` composer test ``` Security -------- [](#security) This package implements Standard Webhooks security best practices: 1. **Signature Verification**: All webhooks are signed with HMAC-SHA256 or Ed25519 2. **Timestamp Validation**: Prevents replay attacks with configurable tolerance window 3. **Idempotency**: Uses webhook-id to prevent duplicate processing 4. **SSL/TLS**: Enforces secure connections by default 5. **Constant-Time Comparison**: Uses `hash_equals()` for signature verification Change log ---------- [](#change-log) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) and [CODE\_OF\_CONDUCT](CODE_OF_CONDUCT.md) for details. Security -------- [](#security-1) If you discover any security related issues, please use the [GitHub security reporting form](https://github.com/faustbrian/webhook/security) rather than the issue queue. Credits ------- [](#credits) - [Brian Faust](https://github.com/faustbrian) - [All Contributors](../../contributors) License ------- [](#license) The MIT License. Please see [License File](LICENSE.md) for more information. ### Health Score 43 — FairBetter than 91% of packages Maintenance88 Actively maintained with recent releases Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~12 days Recently: every ~21 days Total 8 Last Release 58d ago Major Versions 1.1.1 → 2.0.02026-03-04 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/22145591?v=4)[Brian Faust](/maintainers/faustbrian)[@faustbrian](https://github.com/faustbrian) --- Top Contributors [![faustbrian](https://avatars.githubusercontent.com/u/22145591?v=4)](https://github.com/faustbrian "faustbrian (7 commits)") --- Tags phplaravelEd25519webhookhmacstandard-webhooks ### Embed Badge ![Health badge](/badges/cline-webhook/health.svg) ``` [![Health](https://phpackages.com/badges/cline-webhook/health.svg)](https://phpackages.com/packages/cline-webhook) ``` ### Alternatives [openai-php/laravel OpenAI PHP for Laravel is a supercharged PHP API client that allows you to interact with the Open AI API 3.7k7.6M74](/packages/openai-php-laravel)[flat3/lodata OData v4.01 Producer for Laravel 96320.9k](/packages/flat3-lodata)[simplestats-io/laravel-client Client for SimpleStats! 4515.5k](/packages/simplestats-io-laravel-client)[mozex/anthropic-laravel Anthropic PHP for Laravel is a supercharged PHP API client that allows you to interact with the Anthropic API 71226.4k1](/packages/mozex-anthropic-laravel)[scriptdevelop/whatsapp-manager Paquete para manejo de WhatsApp Business API en Laravel 762.6k](/packages/scriptdevelop-whatsapp-manager)[dariusiii/tmdb-laravel Laravel Package for TMDB ( The Movie Database ) API. Provides easy access to the wtfzdotnet/php-tmdb-api library. 1821.1k](/packages/dariusiii-tmdb-laravel) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)