PHPackages spiderrobb/signed-request - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. spiderrobb/signed-request ActiveLibrary[API Development](/categories/api) spiderrobb/signed-request ========================= Simple Class for encoding and decoding SignedRequests that support a number of features and hash algorithms v1.0.0(10y ago)3371MITPHPPHP >=5.2.0 Since May 15Pushed 4y ago1 watchersCompare [ Source](https://github.com/spiderrobb/SignedRequest)[ Packagist](https://packagist.org/packages/spiderrobb/signed-request)[ RSS](/packages/spiderrobb-signed-request/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (3)Used By (0) SignedRequest (v.1.0.0) ======================= [](#signedrequest-v100) [![Build Status](https://camo.githubusercontent.com/540b4ab1f76acb3ce8d74e1f70bc02332d37aae4a99ad1a995976ff415485e42/68747470733a2f2f7472617669732d63692e6f72672f737069646572726f62622f5369676e6564526571756573742e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/spiderrobb/SignedRequest) The SignedRequest class is an easy and feature rich way to encode and decode signed requests. Signed requests are used by companies such as Facebook, Kongregate, and Salesforce to pass data to 3rd party applications in a secure and reliable way. *Note: SignedRequest does not Encrypt your data, it Encodes your data. All data inside a SignedRequest can be read by anyone. SignedRequest's are useful when you want to trust the data.* \##Format A signed request is a concatenation of a HMAC SHA-256 (HMAC SHA-256 by default) signature string, a period (.), and a base64url encoded JSON object. It looks somthing like this (without the newlines).: ``` vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso . eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0 ``` The Signed request consists of a signature and a payload `SIGNATURE.PAYLOAD` \##Basic Use The most basic use of a signed request is to encode the data with a secret, and pass the data through HTTP POST or GET, then decode the signed request using the same secret. The Simplest use is: ``` // File that is encoding Signed Request // ------------------------------------ // defining secret to encode data with $mySecret = '[My Super Secret String]'; // defining data to encode in signed request // Note: myData does not need to be an array, it can be an Array, String, Boolean... etc. $myData = array( 'dataKey' => 'dataValue' ); $mySR = SignedRequest::encode( $myData, array('secret' => $mySecret) ); // File That is decoding Signed Request // ------------------------------------ // defining secret to decode data with $mySecret = '[My Super Secret String]'; // decoding signed request try { // decoding signed request using same secret $myData = SignedRequest::decode( $mySR, array( 'secret' => $mySecret ) ) print_r($myData); } catch (Exception $e) { // signed request has been malformatted or cannot be trusted var_dump($e); } /* output Array( 'dataKey' => 'dataValue' ) */ ``` \##Features \###Support for multiple hash algorithms Hash algorithms supported include all algorithms in php [hash\_algos](http://php.net/manual/en/function.hash-algos.php) **Example:** ``` $mySecret = '[My super secret secret]'; $myData = array( 'dataKey' => 'dataValue' ); $mySR = SignedRequest::encode( $myData, array( 'secret' => $mySecret, 'algorithm' => 'HMAC-SHA1' // (optional) default: HMAC-SHA256 ) ); ``` To get a list of supported algorithms you can use the function: ``` $supportedAlgorithms = SignedRequest::getAlgorithms(); ``` \###Expiration Date The ability to specify a specific date for the signed request to expire. (unix time stamp format) **Example:** ``` $mySecret = '[My super secret secret]'; $myData = array( 'dataKey' => 'dataValue' ); $mySR = SignedRequest::encode( $myData, array( 'secret' => $mySecret, 'expires' => strtotime('2015-01-01 01:00:00') ) ); ``` \###Time to Expire The ability to specify an amount of time (in seconds) until the signed requests expires. **Example:** ``` $mySecret = '[My super secret secret]'; $myData = array( 'dataKey' => 'dataValue' ); $mySR = SignedRequest::encode( $myData, array( 'secret' => $mySecret, 'timeout' => 3600 // signed request will expire in 1 hour ) ); ``` \###Method Validation Using best practice the same secret should not be used in multiple situations. Say you want to encode an id for an `object1`, so you encode data like this: ``` $myData = array( 'id' => 153 ); ``` Now you want to encode an id for an `object2` so you encode it the same way: ``` $myData = array( 'id' => 351 ); ``` If the same secret is used in both examples than it is possible for sombody to take a secret for `object1` and use it in a different context for `object2`. To protect yourself from this security hazard you can use the method option. **Example:** ``` // Encoding data in signed request using method attribute $mySecret = '[My super secret secret]'; $myData = array( 'dataKey' => 'dataValue' ); $mySR = SignedRequest::encode( $myData, array( 'method' => 'object1', 'timeout' => 3600 // signed request will expire in 1 hour ) ); // Decoding data in signed request using method attribute try { // decoding signed request using same secret $myData = SignedRequest::decode( $mySR, array( 'method' => 'object1', 'secret' => $mySecret ) ) print_r($myData); } catch (Exception $e) { // signed request has been malformatted or cannot be trusted var_dump($e); } ``` ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community8 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 4012d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/99e97ce02dbb36be75a6227de4888a5c7532e8560bebf9ac2b69cc3309fb510a?d=identicon)[spiderrobb](/maintainers/spiderrobb) --- Top Contributors [![spiderrobb](https://avatars.githubusercontent.com/u/3183177?v=4)](https://github.com/spiderrobb "spiderrobb (37 commits)") --- Tags requestapisecretsignedsigned-requestsignedrequest ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/spiderrobb-signed-request/health.svg) ``` [![Health](https://phpackages.com/badges/spiderrobb-signed-request/health.svg)](https://phpackages.com/packages/spiderrobb-signed-request) ``` ### Alternatives [mtownsend/request-xml The missing XML support for Laravel's Request class. 43432.5k](/packages/mtownsend-request-xml)[hitrov/oci-api-php-request-sign This package generates proper HTTP headers to sign Oracle Cloud Infrastructure API requests 231.4M4](/packages/hitrov-oci-api-php-request-sign)[agungsugiarto/codeigniter4-cors Send CORS Headers in a CodeIgniter 4 application. 6524.6k2](/packages/agungsugiarto-codeigniter4-cors)[ideasoft/batch-request-client Batch request client implementation for php. 2317.1k](/packages/ideasoft-batch-request-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)