PHPackages jmashore/signature-hmac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. jmashore/signature-hmac ActiveLibrary[Authentication & Authorization](/categories/authentication) jmashore/signature-hmac ======================= HMAC-SHA authentication v0.0(8y ago)015MITPHPPHP >=5.4 Since Jan 11Pushed 8y ago1 watchersCompare [ Source](https://github.com/jmashore/signature-hmac)[ Packagist](https://packagist.org/packages/jmashore/signature-hmac)[ RSS](/packages/jmashore-signature-hmac/feed)WikiDiscussions master Synced yesterday READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) Signature ========= [](#signature) **A port of Philip Browns [Signature-php](https://github.com/philipbrown/signature-php)****A PHP 5.4+ port of the [Signature](https://github.com/mloughran/signature) ruby gem** [![Build Status](https://camo.githubusercontent.com/dadc4d43d9d7626238061667f42ee0ac8ff858c85c40a4a1e8284f4e2187d647/68747470733a2f2f7472617669732d63692e6f72672f6a6d6173686f72652f7369676e61747572652d686d61632e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/jmashore/signature-hmac)[![Code Coverage](https://camo.githubusercontent.com/e0e185caa6d06278c9dafcb5111c4a684848a9d1d977ff62a40524d3a693e1df/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6a6d6173686f72652f7369676e61747572652d686d61632f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/jmashore/signature-hmac/?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/31359ed5ab191e2801a5a942fd13d08ec09454c378ebffc784aa16e6720e5ac4/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6a6d6173686f72652f7369676e61747572652d686d61632f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/jmashore/signature-hmac/?branch=master) Installation ------------ [](#installation) Add `jmashore/signature-hmac` as a requirement to `composer.json`: ``` $ composer require jmashore/signature-hmac ``` What is HMAC-SHA authentication? -------------------------------- [](#what-is-hmac-sha-authentication) HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures. Making a request ---------------- [](#making-a-request) ``` use jmashore\Signature\Token; use jmashore\Signature\Request; $data = ['name' => 'Philip Brown']; $token = new Token('abc123', 'qwerty'); $request = new Request('POST', 'users', $data); $auth = $request->sign($token); $http->post('users', array_merge($auth, $data)); ``` Authenticating a response ------------------------- [](#authenticating-a-response) ``` use jmashore\Signature\Auth; use jmashore\Signature\Token; use jmashore\Signature\Guards\CheckKey; use jmashore\Signature\Guards\CheckVersion; use jmashore\Signature\Guards\CheckTimestamp; use jmashore\Signature\Guards\CheckSignature; use jmashore\Signature\Exceptions\SignatureException; $auth = new Auth('POST', 'users', $_POST, [ new CheckKey, new CheckVersion, new CheckTimestamp, new CheckSignature ]); $token = new Token('abc123', 'qwerty'); try { $auth->attempt($token); } catch (SignatureException $e) { // return 4xx } ``` Changing the default HTTP request prefix ---------------------------------------- [](#changing-the-default-http-request-prefix) By default, this package uses `auth_*` in requests. You can change this behaviour when signing and and authenticating requests: ``` // default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature $request->sign($token); // the HTTP request now uses x-version, x-key, x-timestamp and x-signature $request->sign($token, 'x-'); ``` If you changed the default, you will need to authenticate the request accordingly: ``` $auth->attempt($token, 'x-'); ``` ### Health Score 23 — LowBetter than 27% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community13 Small or concentrated contributor base Maturity48 Maturing project, gaining track record Bus Factor1 Top contributor holds 59.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3043d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/d037dfafbdafa6db2b6a39a30f111e4c3d3fef20f7619b4d727ca0b57eb77e93?d=identicon)[jmashore](/maintainers/jmashore) --- Top Contributors [![philipbrown](https://avatars.githubusercontent.com/u/1579059?v=4)](https://github.com/philipbrown "philipbrown (54 commits)")[![jmashore](https://avatars.githubusercontent.com/u/5324951?v=4)](https://github.com/jmashore "jmashore (12 commits)")[![jwpage](https://avatars.githubusercontent.com/u/52687?v=4)](https://github.com/jwpage "jwpage (10 commits)")[![ryan-senn](https://avatars.githubusercontent.com/u/1097394?v=4)](https://github.com/ryan-senn "ryan-senn (10 commits)")[![kukat](https://avatars.githubusercontent.com/u/107503?v=4)](https://github.com/kukat "kukat (3 commits)")[![gayanhewa](https://avatars.githubusercontent.com/u/1681406?v=4)](https://github.com/gayanhewa "gayanhewa (1 commits)")[![amp343](https://avatars.githubusercontent.com/u/425365?v=4)](https://github.com/amp343 "amp343 (1 commits)") --- Tags AuthenticationHMAC-SHA ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/jmashore-signature-hmac/health.svg) ``` [![Health](https://phpackages.com/badges/jmashore-signature-hmac/health.svg)](https://phpackages.com/packages/jmashore-signature-hmac) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[pragmarx/google2fa A One Time Password Authentication package, compatible with Google Authenticator. 2.0k82.4M164](/packages/pragmarx-google2fa)[paragonie/sodium_compat Pure PHP implementation of libsodium; uses the PHP extension if it exists 934131.6M155](/packages/paragonie-sodium-compat) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)