PHPackages linkthrow/hmac-packet-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. linkthrow/hmac-packet-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) linkthrow/hmac-packet-auth ========================== HMAC Http Packet Auth v1.0.7(9y ago)586MITPHP Since Aug 17Pushed 8y ago2 watchersCompare [ Source](https://github.com/linkthrow/laravel-hmac-packet-auth)[ Packagist](https://packagist.org/packages/linkthrow/hmac-packet-auth)[ Docs](https://github.com/linkthrow/laravel-hmac-packet-auth)[ RSS](/packages/linkthrow-hmac-packet-auth/feed)WikiDiscussions master Synced 2mo ago READMEChangelog (7)DependenciesVersions (9)Used By (0) API Authentication Based On Packet Data Sent (HMAC SHA512) ========================================================== [](#api-authentication-based-on-packet-data-sent-hmac-sha512) The main motivation for creating this package is to have a lot more flexibility and security for API based communication. I have used JWT in the past and found it to be scarily easy to hack! I have followed the principles outlined and implemented at Twitter. Clients ------- [](#clients) To make API requests, please use the following plugins [Angular](https://github.com/linkthrow/angular-hmac-packet-auth "Angular") How it works ------------ [](#how-it-works) Client sends a request to the API with a series of headers. A HMAC SHA512 is generated based on these along with request data therefore it eliminates man in the middle attacks, replay attacks and injections. A user is identified via an access token (which expires) or an api key. The headers are: ``` 'key' or 'access-token' 'url' 'timestamp' 'client-nonce' (randomly generated string on the client side to prevent replay attacks as the nonce is stored against an api log on the database) 'hash' (generated with all the headers and request data as a json array) 'token' (not used to generate hash obviously) ``` Quick Start ----------- [](#quick-start) ### Setup [](#setup) Run composer command ``` $ composer require linkthrow/hmac-packet-auth ``` In your `config/app.php` add `'LinkThrow\HmacPacketAuth\Provider\HmacPacketAuthServiceProvider'` to the end of the `$providers` array ``` 'providers' => array( 'Illuminate\Foundation\Providers\ArtisanServiceProvider', 'Illuminate\Auth\AuthServiceProvider', ... 'LinkThrow\HmacPacketAuth\Provider\HmacPacketAuthServiceProvider', ), ``` Run the `artisan` command below to publish the configuration file ``` $ php artisan vendor:publish ``` Add the following properties to your .env file ``` HMAC_AUTH_LOCAL=true HMAC_AUTH_RATE_ON=true HMAC_AUTH_RATE_TIME=60 HMAC_AUTH_RATE_LIMIT_NUMBER=60 ``` Run the `migrate` command below to add the database tables required ``` $ php artisan migrate ``` Add 'auth.hmac' to any routes you want to protect!!! Contributing ------------ [](#contributing) Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us. Authors ------- [](#authors) - **Hussan Choudhry** See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project. License ------- [](#license) This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community7 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 56% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~18 days Recently: every ~26 days Total 7 Last Release 3451d ago ### Community --- Top Contributors [![hussan-choudhry](https://avatars.githubusercontent.com/u/13449479?v=4)](https://github.com/hussan-choudhry "hussan-choudhry (14 commits)")[![linkthrow](https://avatars.githubusercontent.com/u/16664738?v=4)](https://github.com/linkthrow "linkthrow (11 commits)") ### Embed Badge ![Health badge](/badges/linkthrow-hmac-packet-auth/health.svg) ``` [![Health](https://phpackages.com/badges/linkthrow-hmac-packet-auth/health.svg)](https://phpackages.com/packages/linkthrow-hmac-packet-auth) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)