PHPackages ebay/digital-signature-php-sdk - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. ebay/digital-signature-php-sdk ActiveLibrary[API Development](/categories/api) ebay/digital-signature-php-sdk ============================== An SDK for using eBay's APIs that require a digital signature 1.0.7(3y ago)7136.9k↓23%18[1 issues](https://github.com/eBay/digital-signature-php-sdk/issues)[2 PRs](https://github.com/eBay/digital-signature-php-sdk/pulls)1Apache-2.0PHPPHP >=7.4 Since Dec 6Pushed 1y ago7 watchersCompare [ Source](https://github.com/eBay/digital-signature-php-sdk)[ Packagist](https://packagist.org/packages/ebay/digital-signature-php-sdk)[ Docs](https://github.com/eBay/digital-signature-php-sdk)[ RSS](/packages/ebay-digital-signature-php-sdk/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (3)Versions (12)Used By (1) Digital Signature SDK ===================== [](#digital-signature-sdk) HTTP message signatures provide a mechanism for end-to-end authenticity and integrity for components of an HTTP message. This PHP SDK is designed to simplify the process of generating digital signature headers and also provides a method to validate the digital signature headers. Table of contents ----------------- [](#table-of-contents) - [Digital Signatures for Public API Calls](#digital-signatures-for-public-api-calls) - [Features](#features) - [Usage](#usage) - [License](#license) Digital Signatures for Public API Calls --------------------------------------- [](#digital-signatures-for-public-api-calls) Due to regulatory requirements emanating from SCA for our European/UK sellers, we are requiring our developers to add a digital signature for every HTTP call that is made on behalf of a EU/UK seller to certain APIs. This SDK is generic and the signature scheme is compliant with these IETF standards: - [RFC 9421 HTTP Message Signatures](https://www.rfc-editor.org/rfc/rfc9421.html) - [RFC 9530 Digest Fields](https://www.rfc-editor.org/rfc/rfc9530.html) Features -------- [](#features) This SDK is intended to generate required message signature headers, as per the above IETF standards. There is also an example included with the SDK. This SDK incorporates - Generation of the following HTTP message signature headers: - **Content-Digest**: This header includes a SHA-256 digest over the HTTP payload (as specified in [RFC 9530 Digest Fields](https://www.rfc-editor.org/rfc/rfc9530.html)), if any. It is not required to be sent for APIs that do not include a request payload (e.g. GET requests). - **Signature-Input**: This header indicates which headers and pseudo-headers are included, as well as the order in which they are used when calculating the signature. It is created as specified in [RFC 9421 HTTP Message Signatures](https://www.rfc-editor.org/rfc/rfc9421.html) - **Signature**: The value of the Signature header is created as described in [Section 3.1, Creating a Signature](https://www.rfc-editor.org/rfc/rfc9421.html#name-creating-a-signature), of RFC 9421. It uses the Private Key value generated by the [Key Management API](https://developer.ebay.com/api-docs/developer/key-management/overview.html). - **x-ebay-signature-key**: This header includes the JWE that is created using the [Key Management API](https://developer.ebay.com/api-docs/developer/key-management/overview.html) - `generateSignatureHeaders` method to generate all required headers For more details on Digital Signatures for eBay APIs please refer to the [documentation](https://developer.ebay.com/develop/guides/digital-signatures-for-apis). Usage ----- [](#usage) **Prerequisites** ``` PHP: 7.4 or higher ``` ### Install [](#install) In order to use this SDK, add it to your PHP application via composer: ``` composer require ebay/digital-signature-php-sdk composer update ``` In your code, add this line to return all headers including signature headers: ``` $headers = $signature->generateSignatureHeaders($yourHeaders, $apiUrl, $method, $body); ``` Please also check the [example](#Running-the-example) ### Configure [](#configure) In order to run the example application the [example-config.json](./examples/example-config.json) needs to be updated. ``` { "digestAlgorithm": "", "jwe": "", "privateKey": "", "privateKeyStr": "", "signatureParams": "" } ``` ### Parameters [](#parameters) NameTypeDescription`digestAlgorithm`stringThe algorithm for generating the Content-Digest header. Supported vales are `sha-256` and `sha-512``jwe`stringThe JWE generated using the [Key Management API](https://developer.ebay.com/api-docs/developer/key-management/overview.html)`privateKey`stringThe privateKey generated using the [Key Management API](https://developer.ebay.com/api-docs/developer/key-management/overview.html)`privateKeyStr`string(alternative to privateKey) Private key generated using [Key Management API](https://developer.ebay.com/api-docs/developer/key-management/overview.html), surrounded by -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- key headers`signatureParams`ArrayThe list of headers that indicates which headers and pseudo-headers are included, as well as the order in which they are used when calculating the signatureNote: You can refer to [example-GET.php](examples/example-GET.php) or [example-POST.php](examples/example-POST.php) for examples of how to use the SDK (for a GET call without request body and for a POST call with body, respectively). ### Running the example [](#running-the-example) ``` cd examples composer update php example-GET.php # or php example-POST.php ``` - Signing Configuration Sample: [example-config.json](examples/example-config.json). License ------- [](#license) Copyright 2023 eBay Inc. Developer: Ulrich Herberg and Arturas Sendrauskas Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ### Health Score 37 — LowBetter than 83% of packages Maintenance24 Infrequent updates — may be unmaintained Popularity42 Moderate usage in the ecosystem Community21 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 87.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~22 days Recently: every ~38 days Total 8 Last Release 1103d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8ecaeacf93e41b79bdbff548dc06a32b46bc2cbd40ca53e5fb32f8be1734dbfc?d=identicon)[uherberg](/maintainers/uherberg) ![](https://www.gravatar.com/avatar/a1a924575700b4ad18d78660be12cd6a574376b28ddf9479bfb723e0f29bffb2?d=identicon)[ebay\_opensource](/maintainers/ebay_opensource) --- Top Contributors [![uherberg](https://avatars.githubusercontent.com/u/3589507?v=4)](https://github.com/uherberg "uherberg (29 commits)")[![LokeshRishi](https://avatars.githubusercontent.com/u/4687963?v=4)](https://github.com/LokeshRishi "LokeshRishi (3 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") --- Tags apisecuritycryptographydigital-signature ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ebay-digital-signature-php-sdk/health.svg) ``` [![Health](https://phpackages.com/badges/ebay-digital-signature-php-sdk/health.svg)](https://phpackages.com/packages/ebay-digital-signature-php-sdk) ``` ### Alternatives [jayzeng/virustotalapi VirusTotal Public API v2.0 PHP Wrapper 62140.7k3](/packages/jayzeng-virustotalapi)[codeswholesale/sdk A PHP wrapper for CodesWholesale's API 3550.3k1](/packages/codeswholesale-sdk)[comgate/sdk Comgate PHP SDK 13327.8k](/packages/comgate-sdk)[delatbabel/apisecurity API Security Helpers. 1378.1k](/packages/delatbabel-apisecurity)[saippuakauppias/safe-browsing Client to use Google's and Yandex Safe Browsing API (v4) 1020.2k](/packages/saippuakauppias-safe-browsing) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)