PHPackages                             skulich/laravel-clavis - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. skulich/laravel-clavis

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

skulich/laravel-clavis
======================

Laravel Clavis is a lightweight token-based authentication middleware package for Laravel APIs

1.1.1(3mo ago)0611MITPHPPHP ^8.3CI passing

Since Jan 2Pushed 1w agoCompare

[ Source](https://github.com/skulich/laravel-clavis)[ Packagist](https://packagist.org/packages/skulich/laravel-clavis)[ RSS](/packages/skulich-laravel-clavis/feed)WikiDiscussions main Synced yesterday

READMEChangelog (3)Dependencies (20)Versions (4)Used By (0)

Laravel Clavis
==============

[](#laravel-clavis)

[![Latest Version on Packagist](https://camo.githubusercontent.com/f7576e14b663217aeccee34231fcd7092c0a5a508e40db94c0ec103d53946655/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736b756c6963682f6c61726176656c2d636c617669732e737667)](https://packagist.org/packages/skulich/laravel-clavis)[![PHP Version Require](https://camo.githubusercontent.com/2209605b7f7ba8e4fff2f931e5f48cc0dff5e75590987452786917ef9bb16098/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736b756c6963682f6c61726176656c2d636c61766973)](https://camo.githubusercontent.com/2209605b7f7ba8e4fff2f931e5f48cc0dff5e75590987452786917ef9bb16098/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736b756c6963682f6c61726176656c2d636c61766973)[![Laravel Version](https://camo.githubusercontent.com/5b003f397b180da47f6e9f5c8e782d73a283bba08805966f085a106905edb58a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c2d25354531322e3025323025374325374325323025354531332e302d7265643f6c6f676f3d6c61726176656c)](https://camo.githubusercontent.com/5b003f397b180da47f6e9f5c8e782d73a283bba08805966f085a106905edb58a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c2d25354531322e3025323025374325374325323025354531332e302d7265643f6c6f676f3d6c61726176656c)[![Run Tests](https://github.com/skulich/laravel-clavis/actions/workflows/tests.yml/badge.svg)](https://github.com/skulich/laravel-clavis/actions)[![Code Coverage](https://camo.githubusercontent.com/32855e94577df9d0a30995653b17d33a5fbfdf644518f96ea0374313397d19b7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f7665726167652d3130302532352d627269676874677265656e)](https://camo.githubusercontent.com/32855e94577df9d0a30995653b17d33a5fbfdf644518f96ea0374313397d19b7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f7665726167652d3130302532352d627269676874677265656e)[![License](https://camo.githubusercontent.com/6419956665cf8bb8f34605e6c16340609710475747a7a2e8a9db251ffdcca3c9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f736b756c6963682f6c61726176656c2d636c617669732e737667)](https://camo.githubusercontent.com/6419956665cf8bb8f34605e6c16340609710475747a7a2e8a9db251ffdcca3c9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f736b756c6963682f6c61726176656c2d636c617669732e737667)[![Total Downloads](https://camo.githubusercontent.com/8798f3bdf6884affe3c015083fb3b8bd9ccbdbe2997bcf680eedc35dc64df68e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736b756c6963682f6c61726176656c2d636c617669732e737667)](https://camo.githubusercontent.com/8798f3bdf6884affe3c015083fb3b8bd9ccbdbe2997bcf680eedc35dc64df68e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736b756c6963682f6c61726176656c2d636c617669732e737667)

**Laravel Clavis** is a lightweight token-based authentication middleware package for Laravel APIs.

Perfect for **API-first applications** and **microservices** where you need simple and secure token-based authentication without the overhead of Sanctum.

**Key benefits:**

- 🚀 **Quick Setup**: Create a token via CLI
- 🔒 **Secure**: Built on Laravel's native Hash generator
- 🎯 **Focused**: Designed for server-to-server scenarios
- 🧹 **Clean**: No migrations, No users, No dependencies

Table of contents
=================

[](#table-of-contents)

- [Installation](#installation)
- [Usage](#usage)
    - [Generate Token](#generate-token)
    - [Rotate Token](#rotate-token)
    - [API Middleware](#api-middleware)
- [Failed Auth Events](#failed-auth-events)
- [Nota Bene](#nota-bene)
- [Tests](#tests)
- [Changelog](#changelog)
- [Contributing](#contributing)
- [License](#license)

Installation
------------

[](#installation)

Install the package via Composer.

```
composer require skulich/laravel-clavis
```

Usage
-----

[](#usage)

Generate Token
--------------

[](#generate-token)

Generate a new API token via CLI.

> The generated token is shown only once. Store it securely and share it over a safe channel.

```
php artisan clavis:token
```

Rotate Token
------------

[](#rotate-token)

Run the same command to rotate the token. The old token will stop working immediately after regeneration.

```
php artisan clavis:token
```

API Middleware
--------------

[](#api-middleware)

Add the `clavis` middleware to your API routes.

```
// Per Route
Route::get('/test', function (Request $request) {
    // return ...
})->middleware('clavis');

// Per Group
Route::middleware('clavis')->group(function () {
    // Route:: ...
});

// Globally in app/bootstrap/app.php
->withMiddleware(function (Middleware $middleware): void {
    $middleware->appendToGroup('api', 'clavis');
})
```

Failed Auth Events
------------------

[](#failed-auth-events)

Failed authentication attempts dispatch `Illuminate\Auth\Events\Failed` with guard `clavis` and a masked token.

```
Event::listen(Failed::class, function (Failed $event) {
    if ($event->guard === 'clavis') {
        Log::warning('Clavis: unauthorized request', $event->credentials);
    }
});
```

Nota Bene
---------

[](#nota-bene)

- `CLAVIS_HASH` is a secret, treat it like `APP_KEY` — never commit it to version control.
- Rotating `APP_KEY` does not invalidate `CLAVIS_HASH`. Tokens are verified with bcrypt (`Hash::check`), which is independent of `APP_KEY`, unlike Laravel's `Crypt`/`encrypt()`.
- For internet-facing endpoints, apply Laravel's `throttle` middleware alongside `clavis` to mitigate brute-force attacks.

Tests
-----

[](#tests)

Run the entire test suite:

```
composer test
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information.

Contributing
------------

[](#contributing)

Please see [CONTRIBUTING](CONTRIBUTING.md) for more information.

License
-------

[](#license)

The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information.

###  Health Score

45

—

FairBetter than 91% of packages

Maintenance91

Actively maintained with recent releases

Popularity18

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity52

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~44 days

Total

3

Last Release

95d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/170199581?v=4)[Siarhei Kulich](/maintainers/skulich)[@skulich](https://github.com/skulich)

---

Top Contributors

[![skulich](https://avatars.githubusercontent.com/u/170199581?v=4)](https://github.com/skulich "skulich (45 commits)")

---

Tags

middlewareapilaravelauthtoken

###  Code Quality

TestsPest

Static AnalysisPHPStan, Rector

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/skulich-laravel-clavis/health.svg)

```
[![Health](https://phpackages.com/badges/skulich-laravel-clavis/health.svg)](https://phpackages.com/packages/skulich-laravel-clavis)
```

###  Alternatives

[lab404/laravel-impersonate

Laravel Impersonate is a plugin that allows to you to authenticate as your users.

2.3k18.6M64](/packages/lab404-laravel-impersonate)[erjanmx/laravel-api-auth

Dead simple Laravel api authorization middleware

1925.4k](/packages/erjanmx-laravel-api-auth)[api-platform/laravel

API Platform support for Laravel

58171.6k14](/packages/api-platform-laravel)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
