PHP download

Download the PHP package soapbox/signed-requests without Composer

On this page you can find all versions of the php package soapbox/signed-requests. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of soapbox/signed-requests

Informations about the package signed-requests

Signed Requests

A wrapper to add the ability to accept signed requests to a Laravel project.

Installation

Composer

Setup the Service Provider

Open config/app.php and register the required service provider above your application providers.

Publish the Configuration

Configuring your Environment

You will need to set the following details in your environment:

Each of the settings above allows for a different level of configuration.

SIGNED_REQUEST_ALGORITHM is the algorithm that will be used to generate / verify the signature. This is defaulted to use sha256 feel free to change this to anything that hash_hmac accepts.
SIGNED_REQUEST_CACHE_PREFIX is the prefix to use for all the cache keys that will be generated. Here you can use the default if you're not planning on sharing a cache between multiple applications.
SIGNED_REQUEST_SIGNATURE_HEADER should be the request header that the signature will be included on, X-Signature will be used by default.
SIGNED_REQUEST_ALGORITHM_HEADER should be the request header that the includes the algorithm used to sign the request.
SIGNED_REQUEST_KEY is the shared secret key between the application generating the requests, and the application consuming them. This value should not be publically available.
SIGNED_REQUEST_ALLOW_REPLAYS allows you to enable or disable replay attacks. By default replays are disabled.
SIGNED_REQUEST_TOLERANCE_SECONDS is the number of seconds that a request will be considered for. This setting allows for some time drift between servers and is only used when replays are disabled.

Setup the Middleware

Signed Requests includes a middleware to validate the signature of a request for your automatically. To get started, add the following middleware to the $routeMiddleware property of your app/Http/Kernel.php file.

Verify the Signature

The verify-signature middleware may be assigned to a route to verify the signature of the incoming request to verify its authenticity:

Setting Up Additional Keys

You can also set up additional keys to use if you want different keys for different endpoints.

Add them to your environment:

Update the configuration in signed-requests.php

Set up your route to use the custom key. The param you pass must be the same name as the key you set in the configuration in signed-requests.php

Signing Postman Requests

If you, like us, like to use postman to share your api internally you can use the following pre-request script to automatically sign your postman requests:

Note for this to work you'll have to setup your environment to have the following variables:

{{url}} this is the base url to the api you'll be hitting.
{{key}} this is the shared secret key you'll be using in your environment.

All other environment variables that will be needed will be automatically generated by the above script.

All versions of signed-requests with dependencies

PHP Build Version

Package Version

Version v4.2 Release 30. Jun 2021
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of signed-requests from vendor soapbox

Requires php Version >=7.2
guzzlehttp/guzzle Version ^6.2|^7.2
illuminate/http Version ^7.0
illuminate/support Version ^7.0
nesbot/carbon Version ^2.0
ramsey/uuid Version ^3.6

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package soapbox/signed-requests contains the following files

Loading the files please wait ....