PHPackages philipbrown/signature-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. philipbrown/signature-php AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) philipbrown/signature-php ========================= HMAC-SHA authentication v5.1.2(11y ago)66124.3k—5.8%21[1 issues](https://github.com/philipbrown/signature-php/issues)[1 PRs](https://github.com/philipbrown/signature-php/pulls)3MITPHPPHP >=5.4 Since Apr 21Pushed 5y ago10 watchersCompare [ Source](https://github.com/philipbrown/signature-php)[ Packagist](https://packagist.org/packages/philipbrown/signature-php)[ RSS](/packages/philipbrown-signature-php/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (14)Used By (3) Signature ========= [](#signature) **A PHP 5.4+ port of the [Signature](https://github.com/mloughran/signature) ruby gem** [![Build Status](https://camo.githubusercontent.com/898064d75c5cec3ba14084f83226d3472784e27e441e406083b4be31970d2a10/68747470733a2f2f7472617669732d63692e6f72672f7068696c697062726f776e2f7369676e61747572652d7068702e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/philipbrown/signature-php)[![Code Coverage](https://camo.githubusercontent.com/3028b185e5318c27dd64c961349769a3d055d21d6bd76386ce4e2f09b276068d/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7068696c697062726f776e2f7369676e61747572652d7068702f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/philipbrown/signature-php/?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/b3c7f03ebc5057b37c6813921de1478429d8de242764a49b03c9df4d1c9acafb/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7068696c697062726f776e2f7369676e61747572652d7068702f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/philipbrown/signature-php/?branch=master) Installation ------------ [](#installation) Add `philipbrown/signature-php` as a requirement to `composer.json`: ``` $ composer require philipbrown/signature-php ``` What is HMAC-SHA authentication? -------------------------------- [](#what-is-hmac-sha-authentication) HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures. Making a request ---------------- [](#making-a-request) ``` use PhilipBrown\Signature\Token; use PhilipBrown\Signature\Request; $data = ['name' => 'Philip Brown']; $token = new Token('abc123', 'qwerty'); $request = new Request('POST', 'users', $data); $auth = $request->sign($token); $http->post('users', array_merge($auth, $data)); ``` Authenticating a response ------------------------- [](#authenticating-a-response) ``` use PhilipBrown\Signature\Auth; use PhilipBrown\Signature\Token; use PhilipBrown\Signature\Guards\CheckKey; use PhilipBrown\Signature\Guards\CheckVersion; use PhilipBrown\Signature\Guards\CheckTimestamp; use PhilipBrown\Signature\Guards\CheckSignature; use PhilipBrown\Signature\Exceptions\SignatureException; $auth = new Auth('POST', 'users', $_POST, [ new CheckKey, new CheckVersion, new CheckTimestamp, new CheckSignature ]); $token = new Token('abc123', 'qwerty'); try { $auth->attempt($token); } catch (SignatureException $e) { // return 4xx } ``` Changing the default HTTP request prefix ---------------------------------------- [](#changing-the-default-http-request-prefix) By default, this package uses `auth_*` in requests. You can change this behaviour when signing and and authenticating requests: ``` // default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature $request->sign($token); // the HTTP request now uses x-version, x-key, x-timestamp and x-signature $request->sign($token, 'x-'); ``` If you changed the default, you will need to authenticate the request accordingly: ``` $auth->attempt($token, 'x-'); ``` ### Health Score 43 — FairBetter than 91% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity47 Moderate usage in the ecosystem Community26 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 67.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~31 days Recently: every ~4 days Total 13 Last Release 4037d ago Major Versions v1.0.1 → v2.0.02014-10-04 v2.0.0 → v3.0.02014-10-05 v3.0.3 → v4.0.02015-04-12 v4.0.0 → v5.0.02015-04-14 PHP version history (2 changes)v1.0.0PHP >=5.3.2 v2.0.0PHP >=5.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/59881cd39ca687db95393603c2ccf65001d8173ed4d22eb1461f6b9242d53558?d=identicon)[philipbrown](/maintainers/philipbrown) --- Top Contributors [![philipbrown](https://avatars.githubusercontent.com/u/1579059?v=4)](https://github.com/philipbrown "philipbrown (56 commits)")[![ryan-senn](https://avatars.githubusercontent.com/u/1097394?v=4)](https://github.com/ryan-senn "ryan-senn (10 commits)")[![jwpage](https://avatars.githubusercontent.com/u/52687?v=4)](https://github.com/jwpage "jwpage (10 commits)")[![kukat](https://avatars.githubusercontent.com/u/107503?v=4)](https://github.com/kukat "kukat (3 commits)")[![saadsidqui](https://avatars.githubusercontent.com/u/25284407?v=4)](https://github.com/saadsidqui "saadsidqui (2 commits)")[![amp343](https://avatars.githubusercontent.com/u/425365?v=4)](https://github.com/amp343 "amp343 (1 commits)")[![gayanhewa](https://avatars.githubusercontent.com/u/1681406?v=4)](https://github.com/gayanhewa "gayanhewa (1 commits)") --- Tags AuthenticationHMAC-SHA ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/philipbrown-signature-php/health.svg) ``` [![Health](https://phpackages.com/badges/philipbrown-signature-php/health.svg)](https://phpackages.com/packages/philipbrown-signature-php) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[pragmarx/google2fa A One Time Password Authentication package, compatible with Google Authenticator. 2.0k82.4M164](/packages/pragmarx-google2fa)[paragonie/sodium_compat Pure PHP implementation of libsodium; uses the PHP extension if it exists 930131.6M155](/packages/paragonie-sodium-compat) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)