PHPackages iamshehzada/laravel-action-confirmation - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. iamshehzada/laravel-action-confirmation ActiveLibrary[Security](/categories/security) iamshehzada/laravel-action-confirmation ======================================= Require explicit confirmations for dangerous actions (web + api). v1.0.4(4mo ago)03MITPHPPHP ^8.1 Since Jan 6Pushed 4mo agoCompare [ Source](https://github.com/iamshehzada/laravel-action-confirmation)[ Packagist](https://packagist.org/packages/iamshehzada/laravel-action-confirmation)[ RSS](/packages/iamshehzada-laravel-action-confirmation/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (5)Versions (6)Used By (0) Laravel Action Confirmation =========================== [](#laravel-action-confirmation) Require explicit confirmation before executing dangerous actions in Laravel. Designed for API-first applications to prevent destructive operations (deleting users, issuing refunds, bulk changes) from running without a confirmation token. --- Features -------- [](#features) - API-first, token-based confirmation - Per-action configuration and model targeting - Expiring confirmation tokens with optional reason requirement - Idempotent flow (safe retries) - Laravel 10 & 11 compatible --- Installation ------------ [](#installation) ``` composer require iamshehzada/laravel-action-confirmation php artisan vendor:publish --tag=action-confirmation-config php artisan vendor:publish --tag=action-confirmation-migrations php artisan migrate ``` --- Configuration ------------- [](#configuration) Example configuration (published to `config/action-confirmation.php`): ``` return [ // Header used for API confirmation tokens 'api_header' => 'X-Confirmation-Token', // Define actions and their rules 'actions' => [ 'delete_user' => [ 'target' => App\Models\User::class, // model to be acted upon 'ttl' => 300, // token time-to-live in seconds 'channels' => ['api', 'web'], // allowed channels 'reason_required' => true, // require a reason string ], ], ]; ``` --- API Usage --------- [](#api-usage) ``` use Illuminate\Http\Request; use App\Models\User; public function destroy(Request $request, User $user) { return confirm() ->action('delete_user') ->by($request->user()) ->on($user) ->via('api') ->token($request->header('X-Confirmation-Token')) ->reason($request->input('reason')) ->run(function () use ($user) { $user->delete(); return response()->json(['deleted' => true]); }); } ``` --- API Confirmation Flow --------------------- [](#api-confirmation-flow) 1. First request without token (server responds with 409): ``` { "message": "Confirmation required", "confirmation_id": "AbC123xyz", "expires_in": 300, "reason_required": true } ``` 2. Retry with token header and optional reason body: Header: ``` X-Confirmation-Token: AbC123xyz ``` Body: ``` { "reason": "User requested account deletion" } ``` 3. Action executes successfully after validation. --- Exception Handling ------------------ [](#exception-handling) ``` use Iamshehzada\ActionConfirmation\Exceptions\ConfirmationRequiredException; try { // protected action } catch (ConfirmationRequiredException $e) { return response()->json($e->toArray(), 409); } ``` --- Security Guarantees ------------------- [](#security-guarantees) - Token bound to a specific action - Token bound to a specific model and ID - Token bound to a specific user - Token expires automatically - Token cannot be reused --- Testing ------- [](#testing) ``` ./vendor/bin/pest ``` ### Health Score 35 — LowBetter than 79% of packages Maintenance77 Regular maintenance activity Popularity3 Limited adoption so far Community2 Small or concentrated contributor base Maturity47 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 5 Last Release 126d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/deee1e9383d4769f8acd238e21a5e8e57e0a858d9ec6516e63e690e4870a2395?d=identicon)[iamshehzada](/maintainers/iamshehzada) ### Code Quality TestsPest ### Embed Badge ![Health badge](/badges/iamshehzada-laravel-action-confirmation/health.svg) ``` [![Health](https://phpackages.com/badges/iamshehzada-laravel-action-confirmation/health.svg)](https://phpackages.com/packages/iamshehzada-laravel-action-confirmation) ``` ### Alternatives [genealabs/laravel-governor Managing policy and control in Laravel. 201262.8k](/packages/genealabs-laravel-governor)[fumeapp/modeltyper Generate TypeScript interfaces from Laravel Models 196277.9k](/packages/fumeapp-modeltyper)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 245.2k](/packages/aedart-athenaeum)[bjorn-voesten/ciphersweet-for-laravel 1411.6k](/packages/bjorn-voesten-ciphersweet-for-laravel) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)