PHPackages tokenly/hmac-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. tokenly/hmac-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) tokenly/hmac-auth ================= HMAC authentication for Tokenly APIs v1.2.0(8y ago)116.6k24MITPHPPHP >=5.5.0CI failing Since Jul 30Pushed 4y ago3 watchersCompare [ Source](https://github.com/tokenly/hmac-auth)[ Packagist](https://packagist.org/packages/tokenly/hmac-auth)[ RSS](/packages/tokenly-hmac-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (3)Versions (13)Used By (4) Overview ======== [](#overview) The HMAC authentication component for Tokenly. [![Build Status](https://camo.githubusercontent.com/1ad99e6aaa4947a9bc44544f20dfe4721ccc612f9fc9f6a895e93f14b7f37188/68747470733a2f2f7472617669732d63692e6f72672f746f6b656e6c792f686d61632d617574682e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/tokenly/hmac-auth) Authentication ============== [](#authentication) To authenticate HTTP requests that use this component, you must include 3 HTTP headers with your request: 1. X-Tokenly-Auth-Api-Token 2. X-Tokenly-Auth-Nonce 3. X-Tokenly-Auth-Signature To generate these headers, you will need an API Token and a secret API Key. Say my API Token is `TWKTkwIQDTvirh6D` and my API Secret key is `Kun2M2UladalYAeUvXyiKWhFuwrsmSreM841K45O`. Here is an explanation of each header. ### X-Tokenly-Auth-Api-Token [](#x-tokenly-auth-api-token) This token is nothing more than the API Token. Example: `X-Tokenly-Auth-Api-Token: TWKTkwIQDTvirh6D` ### X-Tokenly-Auth-Nonce [](#x-tokenly-auth-nonce) The nonce header is the current unix timestamp in seconds. Example: `X-Tokenly-Auth-Nonce: 1457530047` ### X-Tokenly-Auth-Signature [](#x-tokenly-auth-signature) The signature is a base64 encoded string using sha256 HMAC. The key for the hash is the API Key. And the message is generated using the following data: ``` {METHOD}\n {URL}\n {PARAMETERS}\n {API TOKEN}\n {NONCE} ``` {METHOD} is the http method such as GET,POST,PUT,DELETE {URL} is the full URL of the api endpoint {PARAMETERS} are required and should be a JSON encoded string representing the parameters. For empty parameters, use `{}`. {API TOKEN} and {NONCE} are the same as send in the headers. Items are separated with a single newline character. After calculating the HMAC, encode the data in base64 format. Example: Using the values above and a request of GET , the signature header will be: `X-Tokenly-Auth-Signature: hZ6SDgcZzo5AYrS9yopEQo068ax0NojG/CfXWG+RJEA` ### Health Score 35 — LowBetter than 80% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity24 Limited adoption so far Community19 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 91.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~76 days Recently: every ~136 days Total 12 Last Release 3113d ago Major Versions v0.2.2 → v1.0.22016-04-16 PHP version history (3 changes)0.1.x-devPHP >=5.4.0 v1.0.2PHP >=5.6.0 v1.0.3PHP >=5.5.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/3b86e6a54873d5dd61d3682a3be00127af3b7b2b5c53eb070b160e29789d4c0d?d=identicon)[dweller](/maintainers/dweller) --- Top Contributors [![deweller](https://avatars.githubusercontent.com/u/51414?v=4)](https://github.com/deweller "deweller (42 commits)")[![cryptonaut420](https://avatars.githubusercontent.com/u/8463048?v=4)](https://github.com/cryptonaut420 "cryptonaut420 (3 commits)")[![SlickTheNick](https://avatars.githubusercontent.com/u/1435056?v=4)](https://github.com/SlickTheNick "SlickTheNick (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/tokenly-hmac-auth/health.svg) ``` [![Health](https://phpackages.com/badges/tokenly-hmac-auth/health.svg)](https://phpackages.com/packages/tokenly-hmac-auth) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)