PHPackages                             iamtartan/laravel-hmac-signature - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. iamtartan/laravel-hmac-signature

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

iamtartan/laravel-hmac-signature
================================

Laravel HMAC-SHA authentication

v1.1.0(9y ago)98292MITPHPPHP &gt;=5.4

Since Jan 21Pushed 9y ago3 watchersCompare

[ Source](https://github.com/iamtartan/laravel-hmac-signature)[ Packagist](https://packagist.org/packages/iamtartan/laravel-hmac-signature)[ RSS](/packages/iamtartan-laravel-hmac-signature/feed)WikiDiscussions master Synced 4d ago

READMEChangelog (2)Dependencies (2)Versions (3)Used By (0)

Signature
=========

[](#signature)

\*\*A laravel HMAC auth package based on [Signature-PHP](https://github.com/philipbrown/signature-php) \*\*

[![Build Status](https://camo.githubusercontent.com/50ba69c6ef4d71b9b0515c302585a3e00afb855603ebe7f27b4ab4f2c2f9618e/68747470733a2f2f7472617669732d63692e6f72672f69616d74617274616e2f6c61726176656c2d686d61632d7369676e61747572652e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/iamtartan/laravel-hmac-signature)

Installation
------------

[](#installation)

Add `iamtartan/laravel-hmac-signature` as a requirement to `composer.json`:

```
$ composer require iamtartan/laravel-hmac-signature
```

What is HMAC-SHA authentication?
--------------------------------

[](#what-is-hmac-sha-authentication)

HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures.

Making a request for api (version **1.0.0**)
--------------------------------------------

[](#making-a-request-for-api-version-100)

```
use Tartan\Signature\Token;
use Tartan\Signature\Request;

$data    = [
    'first_name' => 'Aboozar',
    'last_name'  => 'Ghaffari',
    'email'      => 'iamtartan@gmail.com'
];
$token   = new Token('my_public_key', 'my_private_key');
$request = new Request('POST', 'signup', $data, '1.0.0');

$auth = $request->sign($token);

$finalData = array_merge($auth, $data);

$yourHttpClient->post('signup', $finalData);
```

Authenticating a response
-------------------------

[](#authenticating-a-response)

```
use Tartan\Signature\Auth;
use Tartan\Signature\Token;
use Tartan\Signature\Guards\CheckKey;
use Tartan\Signature\Guards\CheckVersion;
use Tartan\Signature\Guards\CheckTimestamp;
use Tartan\Signature\Guards\CheckSignature;
use Tartan\Signature\Exceptions\SignatureException;

$auth  = new Auth($request->method(), $request->url(), '1.0.0', $request->all(), [
	new CheckKey,
	new CheckVersion,
	new CheckTimestamp,
	new CheckSignature
]);

$token   = new Token('my_public_key', 'my_private_key');

try {
    $auth->attempt($token);
}

catch (SignatureException $e) {
    // return 401
}

catch (Exception $e) {
    // return 400;
}
```

Changing the default HTTP request prefix
----------------------------------------

[](#changing-the-default-http-request-prefix)

By default, this package uses `auth_*` in requests. You can change this behaviour when signing and and authenticating requests:

```
// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature
$request->sign($token);
// the HTTP request now uses x-version, x-key, x-timestamp and x-signature
$request->sign($token, 'x-');
```

If you changed the default, you will need to authenticate the request accordingly:

```
$auth->attempt($token, 'x-');
```

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity21

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

3450d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/9299d1f63e54a717d0b785253adc636f90c3b460ae9bd24bfc1505ef5f90f1ec?d=identicon)[tartan](/maintainers/tartan)

---

Top Contributors

[![pyramid-head](https://avatars.githubusercontent.com/u/61554420?v=4)](https://github.com/pyramid-head "pyramid-head (8 commits)")

---

Tags

laravelAuthenticationhmacHMAC-SHA

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/iamtartan-laravel-hmac-signature/health.svg)

```
[![Health](https://phpackages.com/badges/iamtartan-laravel-hmac-signature/health.svg)](https://phpackages.com/packages/iamtartan-laravel-hmac-signature)
```

###  Alternatives

[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

84611.1M64](/packages/php-open-source-saver-jwt-auth)[directorytree/ldaprecord-laravel

LDAP Authentication &amp; Management for Laravel.

5752.3M18](/packages/directorytree-ldaprecord-laravel)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6804.7k6](/packages/hasinhayder-tyro)[masterix21/laravel-licensing

Laravel licensing package with polymorphic assignment to any model, activation keys, expirations/renewals, and seat control via LicenseUsage. Supports offline verification with public-key–signed tokens, a CLI to generate/rotate/revoke keys, and an extensible architecture via config and contracts.

1563.1k4](/packages/masterix21-laravel-licensing)[alajusticia/laravel-logins

Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser

2014.5k](/packages/alajusticia-laravel-logins)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
