PHPackages                             philipbrown/signplz - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. philipbrown/signplz

Abandoned → [philipbrown/signature-php](/?search=philipbrown%2Fsignature-php)ArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

philipbrown/signplz
===================

HMAC-SHA authentication

v5.1.2(11y ago)663.7k21[1 issues](https://github.com/philipbrown/signplz/issues)[1 PRs](https://github.com/philipbrown/signplz/pulls)MITPHPPHP &gt;=5.4

Since Apr 21Pushed 5y ago1 watchersCompare

[ Source](https://github.com/philipbrown/signplz)[ Packagist](https://packagist.org/packages/philipbrown/signplz)[ RSS](/packages/philipbrown-signplz/feed)WikiDiscussions master Synced 2w ago

READMEChangelogDependencies (1)Versions (14)Used By (0)

Signature
=========

[](#signature)

**A PHP 5.4+ port of the [Signature](https://github.com/mloughran/signature) ruby gem**

[![Build Status](https://camo.githubusercontent.com/898064d75c5cec3ba14084f83226d3472784e27e441e406083b4be31970d2a10/68747470733a2f2f7472617669732d63692e6f72672f7068696c697062726f776e2f7369676e61747572652d7068702e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/philipbrown/signature-php)[![Code Coverage](https://camo.githubusercontent.com/3028b185e5318c27dd64c961349769a3d055d21d6bd76386ce4e2f09b276068d/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7068696c697062726f776e2f7369676e61747572652d7068702f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/philipbrown/signature-php/?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/b3c7f03ebc5057b37c6813921de1478429d8de242764a49b03c9df4d1c9acafb/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7068696c697062726f776e2f7369676e61747572652d7068702f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/philipbrown/signature-php/?branch=master)

Installation
------------

[](#installation)

Add `philipbrown/signature-php` as a requirement to `composer.json`:

```
$ composer require philipbrown/signature-php
```

What is HMAC-SHA authentication?
--------------------------------

[](#what-is-hmac-sha-authentication)

HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures.

Making a request
----------------

[](#making-a-request)

```
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Request;

$data    = ['name' => 'Philip Brown'];
$token   = new Token('abc123', 'qwerty');
$request = new Request('POST', 'users', $data);

$auth = $request->sign($token);

$http->post('users', array_merge($auth, $data));
```

Authenticating a response
-------------------------

[](#authenticating-a-response)

```
use PhilipBrown\Signature\Auth;
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Guards\CheckKey;
use PhilipBrown\Signature\Guards\CheckVersion;
use PhilipBrown\Signature\Guards\CheckTimestamp;
use PhilipBrown\Signature\Guards\CheckSignature;
use PhilipBrown\Signature\Exceptions\SignatureException;

$auth  = new Auth('POST', 'users', $_POST, [
	new CheckKey,
	new CheckVersion,
	new CheckTimestamp,
	new CheckSignature
]);

$token = new Token('abc123', 'qwerty');

try {
    $auth->attempt($token);
}

catch (SignatureException $e) {
    // return 4xx
}
```

Changing the default HTTP request prefix
----------------------------------------

[](#changing-the-default-http-request-prefix)

By default, this package uses `auth_*` in requests. You can change this behaviour when signing and and authenticating requests:

```
// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature
$request->sign($token);
// the HTTP request now uses x-version, x-key, x-timestamp and x-signature
$request->sign($token, 'x-');
```

If you changed the default, you will need to authenticate the request accordingly:

```
$auth->attempt($token, 'x-');
```

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community19

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 67.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~31 days

Recently: every ~4 days

Total

13

Last Release

4079d ago

Major Versions

v1.0.1 → v2.0.02014-10-04

v2.0.0 → v3.0.02014-10-05

v3.0.3 → v4.0.02015-04-12

v4.0.0 → v5.0.02015-04-14

PHP version history (2 changes)v1.0.0PHP &gt;=5.3.2

v2.0.0PHP &gt;=5.4

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1579059?v=4)[Philip Brown](/maintainers/philipbrown)[@philipbrown](https://github.com/philipbrown)

---

Top Contributors

[![philipbrown](https://avatars.githubusercontent.com/u/1579059?v=4)](https://github.com/philipbrown "philipbrown (56 commits)")[![ryan-senn](https://avatars.githubusercontent.com/u/1097394?v=4)](https://github.com/ryan-senn "ryan-senn (10 commits)")[![jwpage](https://avatars.githubusercontent.com/u/52687?v=4)](https://github.com/jwpage "jwpage (10 commits)")[![kukat](https://avatars.githubusercontent.com/u/107503?v=4)](https://github.com/kukat "kukat (3 commits)")[![saadsidqui](https://avatars.githubusercontent.com/u/25284407?v=4)](https://github.com/saadsidqui "saadsidqui (2 commits)")[![amp343](https://avatars.githubusercontent.com/u/425365?v=4)](https://github.com/amp343 "amp343 (1 commits)")[![gayanhewa](https://avatars.githubusercontent.com/u/1681406?v=4)](https://github.com/gayanhewa "gayanhewa (1 commits)")

---

Tags

AuthenticationHMAC-SHA

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/philipbrown-signplz/health.svg)

```
[![Health](https://phpackages.com/badges/philipbrown-signplz/health.svg)](https://phpackages.com/packages/philipbrown-signplz)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k50.9M364](/packages/tymon-jwt-auth)[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.7k143.0M274](/packages/league-oauth2-server)[league/oauth2-client

OAuth 2.0 Client Library

3.8k125.2M1.3k](/packages/league-oauth2-client)[google/auth

Google Auth Library for PHP

1.4k286.7M205](/packages/google-auth)[pragmarx/google2fa

A One Time Password Authentication package, compatible with Google Authenticator.

2.0k92.3M225](/packages/pragmarx-google2fa)[paragonie/sodium_compat

Pure PHP implementation of libsodium; uses the PHP extension if it exists

931141.1M172](/packages/paragonie-sodium-compat)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
