PHPackages                             nickveenhof/http-hmac-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. nickveenhof/http-hmac-php

ActiveLibrary[HTTP &amp; Networking](/categories/http)

nickveenhof/http-hmac-php
=========================

An implementation of the HTTP HMAC Spec in PHP that integrates with popular libraries such as Symfony and Guzzle. Different namespace to avoid version conflicts with content hub. Temporary!

3.1.3(9y ago)022.1kMITPHPPHP &gt;=5.5.0

Since Feb 15Pushed 9y agoCompare

[ Source](https://github.com/nickveenhof/http-hmac-php)[ Packagist](https://packagist.org/packages/nickveenhof/http-hmac-php)[ Docs](https://github.com/nickveenhof/http-hmac-php)[ RSS](/packages/nickveenhof-http-hmac-php/feed)WikiDiscussions master Synced 2mo ago

READMEChangelog (1)Dependencies (14)Versions (19)Used By (0)

HTTP HMAC Signer for PHP
========================

[](#http-hmac-signer-for-php)

[![Build Status](https://camo.githubusercontent.com/a7a5245028c0ea4874cf514ee22636312a8167e51c3b53800c1c5900e403e01a/68747470733a2f2f7472617669732d63692e6f72672f6163717569612f687474702d686d61632d7068702e737667)](https://travis-ci.org/acquia/http-hmac-php)[![Code Coverage](https://camo.githubusercontent.com/110a9e92d1f2ee6c238191cf771aecce02ed96f4fdad0d8fd5ef0cab2e29b85a/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6163717569612f687474702d686d61632d7068702f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/acquia/http-hmac-php/?branch=master)[![HHVM Status](https://camo.githubusercontent.com/309dd38a016f2f388126c17a966485edea587507f46984a0cfd324247b239da6/687474703a2f2f6868766d2e683463632e64652f62616467652f6163717569612f687474702d686d61632d7068702e7376673f7374796c653d666c6174)](http://hhvm.h4cc.de/package/acquia/http-hmac-php)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/141ebba9fa2efa7c4480a58c7bcdb064ae5675500c8a9ad84c81d950b728f481/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6163717569612f687474702d686d61632d7068702f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/acquia/http-hmac-php/?branch=master)[![Total Downloads](https://camo.githubusercontent.com/af63e067e9d09e42ee2212fe8cd5e54f4625bec996dc1acfbccc4aed8720042a/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f646f776e6c6f616473)](https://packagist.org/packages/acquia/http-hmac-php)[![Latest Stable Version](https://camo.githubusercontent.com/5750ac80c44463547800c1fd17536d621f95bc33ef2cb4ae16846a2df7456580/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f762f737461626c652e737667)](https://packagist.org/packages/acquia/http-hmac-php)[![License](https://camo.githubusercontent.com/0e401c84b7d28dcb62a83a61561924fd205a3e7bab3d393e6e23029a61894b99/68747470733a2f2f706f7365722e707567782e6f72672f6163717569612f687474702d686d61632d7068702f6c6963656e73652e737667)](https://packagist.org/packages/acquia/http-hmac-php)

HMAC Request Signer is a PHP library that implements the version 2.0 of the [HTTP HMAC Spec](https://github.com/acquia/http-hmac-spec/tree/2.0)to sign and verify RESTful Web API requests. It integrates with popular libraries such as Symfony and Guzzle and can be used on both the server and client.

Installation
------------

[](#installation)

HMAC Request Signer can be installed with [Composer](http://getcomposer.org)by adding it as a dependency to your project's composer.json file.

```
{
    "require": {
        "nickveenhof/http-hmac-php": "~3.1.0"
    }
}
```

Please refer to [Composer's documentation](https://github.com/composer/composer/blob/master/doc/00-intro.md#introduction)for more detailed installation and usage instructions.

Usage
-----

[](#usage)

### Sign an API request sent via Guzzle

[](#sign-an-api-request-sent-via-guzzle)

```
use NickVeenhof\Hmac\Guzzle\HmacAuthMiddleware;
use NickVeenhof\Hmac\Key;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;

// Optionally, you can provide signed headers to generate the digest. The header keys need to be provided to the middleware below.
$options = [
  'headers' => [
    'X-Custom-1' => 'value1',
    'X-Custom-2' => 'value2',
  ],
];

// A key consists of your UUID and a MIME base64 encoded shared secret.
$key = new Key('e7fe97fa-a0c8-4a42-ab8e-2c26d52df059', base64_encode('secret'));

// Provide your key, realm and optional signed headers.
$middleware = new HmacAuthMiddleware($key, 'CIStore', array_keys($options['headers']));

// Register the middleware.
$stack = HandlerStack::create();
$stack->push($middleware);

// Create a client.
$client = new Client([
    'handler' => $stack,
]);

// Request.
$result = $client->get('https://service.acquia.io/api/v1/widget', $options);
var_dump($result);
```

### Authenticate the request using PSR-7-compatible requests

[](#authenticate-the-request-using-psr-7-compatible-requests)

```
use NickVeenhof\Hmac\RequestAuthenticator;
use NickVeenhof\Hmac\ResponseSigner;

// $keyLoader implements \NickVeenhof\Hmac\KeyLoaderInterface
$authenticator = new RequestAuthenticator($keyLoader);

// $request implements PSR-7's \Psr\Http\Message\RequestInterface
// An exception will be thrown if it cannot authenticate.
$key = $authenticator->authenticate($request);

$signer = new ResponseSigner($key, $request)
$signedResponse = $signer->signResponse($response);
```

### Authenticate using Silex's [SecurityServiceProvider](http://silex.sensiolabs.org/doc/providers/security.html)

[](#authenticate-using-silexs-securityserviceprovider)

In order to use the provided Silex security provider, you will need to include the following optional libraries in your project's `composer.json`:

```
{
    "require": {
        "symfony/psr-http-message-bridge": "~0.1",
        "symfony/security": "~3.0",
        "zendframework/zend-diactoros": "~1.3.5"
    }
}
```

Sample implementation:

```
use NickVeenhof\Hmac\HmacSecurityProvider;
use Silex\Application;
use Silex\Provider\SecurityServiceProvider;

$app = new Application();

// $keyLoader implements \NickVeenhof\Hmac\KeyLoaderInterface
$app->register(new SecurityServiceProvider());
$app->register(new HmacSecurityProvider($keyLoader));

$app['security.firewalls'] = [
    'hmac-auth' => array(
        'pattern' => '^/api/',
        'hmac' => true,
    ),
];

$app->boot();
```

### Authenticate using Symfony's Security component

[](#authenticate-using-symfonys-security-component)

In order to use the provided Symfony integration, you will need to include the following optional libraries in your project's `composer.json`

```
{
    "require": {
        "symfony/psr-http-message-bridge": "~0.1",
        "symfony/security": "~3.0",
        "zendframework/zend-diactoros": "~1.3.5"
    }
}
```

Sammple implementation:

```
# app/config/services.yml
services:
    hmac.security.authentication.provider:
        class: NickVeenhof\Hmac\Symfony\HmacAuthenticationProvider
        arguments:
            - '@hmac.request.authenticator' # Service should implement \NickVeenhof\Hmac\RequstAuthenticatorInterface
        public: false

    hmac.security.authentication.listener:
        class: NickVeenhof\Hmac\Symfony\HmacAuthenticationListener
        arguments: ['@security.token_storage', '@security.authentication.manager']
        public: false

# app/config/security.yml
security:
    # ...

    firewalls:
        hmac_auth:
            pattern:   ^/api/
            stateless: true
            wsse:      true
```

```
// src/AppBundle/AppBundle.php
namespace AppBundle;

use Symfony\Component\HttpKernel\Bundle\Bundle;
use Symfony\Component\DependencyInjection\ContainerBuilder;

class AppBundle extends Bundle
{
    public function build(ContainerBuilder $container)
    {
        parent::build($container);

        // $hmacFactory should implement \Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface
        // @see http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html#the-factory
        $extension = $container->getExtension('security');
        $extension->addSecurityListenerFactory($hmacFactory);
    }
}
```

Contributing and Development
----------------------------

[](#contributing-and-development)

Submit changes using GitHub's standard [pull request](https://help.github.com/articles/using-pull-requests) workflow.

All code should adhere to the following standards:

- [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md)
- [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)
- [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md)
- [PSR-7](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-7-http-message.md)

Use [PHP\_CodeSniffer](https://github.com/squizlabs/php_codesniffer) to validate coding style and automatically fix problems according to the PSR-2 standard:

```
$ vendor/bin/phpcs --standard=PSR2 --runtime-set ignore_warnings_on_exit true --colors src/.
$ vendor/bin/phpcs --standard=PSR2 --runtime-set ignore_warnings_on_exit true --colors test/.
$ vendor/bin/phpcbf --standard=PSR2 src/.
$ vendor/bin/phpcbf --standard=PSR2 test/.

```

Refer to [PHP Project Starter's documentation](https://github.com/cpliakas/php-project-starter#using-apache-ant)for the Apache Ant targets supported by this project.

###  Health Score

33

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity67

Established project with proven stability

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~43 days

Recently: every ~31 days

Total

14

Last Release

3534d ago

Major Versions

0.7.0 → 1.0.02015-02-20

1.0.x-dev → 2.0.02015-11-11

1.0.1 → 2.1.02016-01-28

2.1.0 → 3.0.0-beta12016-04-14

PHP version history (3 changes)0.7.0PHP &gt;=5.3.0

1.0.0PHP &gt;=5.4.0

2.0.0PHP &gt;=5.5.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/161341?v=4)[Nick Veenhof](/maintainers/nickveenhof)[@nickveenhof](https://github.com/nickveenhof)

---

Top Contributors

[![itafroma](https://avatars.githubusercontent.com/u/277116?v=4)](https://github.com/itafroma "itafroma (23 commits)")[![kevinhankens](https://avatars.githubusercontent.com/u/679364?v=4)](https://github.com/kevinhankens "kevinhankens (17 commits)")[![cpliakas](https://avatars.githubusercontent.com/u/482722?v=4)](https://github.com/cpliakas "cpliakas (8 commits)")[![charuag](https://avatars.githubusercontent.com/u/7946259?v=4)](https://github.com/charuag "charuag (8 commits)")[![nickveenhof](https://avatars.githubusercontent.com/u/161341?v=4)](https://github.com/nickveenhof "nickveenhof (2 commits)")[![scrutinizer-auto-fixer](https://avatars.githubusercontent.com/u/6253494?v=4)](https://github.com/scrutinizer-auto-fixer "scrutinizer-auto-fixer (1 commits)")[![smatyas](https://avatars.githubusercontent.com/u/534550?v=4)](https://github.com/smatyas "smatyas (1 commits)")

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/nickveenhof-http-hmac-php/health.svg)

```
[![Health](https://phpackages.com/badges/nickveenhof-http-hmac-php/health.svg)](https://phpackages.com/packages/nickveenhof-http-hmac-php)
```

###  Alternatives

[league/uri-interfaces

Common tools for parsing and resolving RFC3987/RFC3986 URI

538204.9M23](/packages/league-uri-interfaces)[shopify/shopify-api

Shopify API Library for PHP

4634.8M16](/packages/shopify-shopify-api)[laudis/neo4j-php-client

Neo4j-PHP-Client is the most advanced PHP Client for Neo4j

184616.9k31](/packages/laudis-neo4j-php-client)[http-interop/response-sender

A function to convert PSR-7 Response to HTTP output

46711.5k40](/packages/http-interop-response-sender)[phpro/http-tools

HTTP tools for developing more consistent HTTP implementations.

28137.8k](/packages/phpro-http-tools)[mezzio/mezzio-authentication-oauth2

OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications.

28483.0k2](/packages/mezzio-mezzio-authentication-oauth2)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)