Signature
A PHP 5.4+ port of the Signature ruby gem
Installation
Add philipbrown/signature-php
as a requirement to composer.json
:
$ composer require philipbrown/signature-php
What is HMAC-SHA authentication?
HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures.
Making a request
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Request;
$data = ['name' => 'Philip Brown'];
$token = new Token('abc123', 'qwerty');
$request = new Request('POST', 'users', $data);
$auth = $request->sign($token);
$http->post('users', array_merge($auth, $data));
Authenticating a response
use PhilipBrown\Signature\Auth;
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Guards\CheckKey;
use PhilipBrown\Signature\Guards\CheckVersion;
use PhilipBrown\Signature\Guards\CheckTimestamp;
use PhilipBrown\Signature\Guards\CheckSignature;
use PhilipBrown\Signature\Exceptions\SignatureException;
$auth = new Auth('POST', 'users', $_POST, [
new CheckKey,
new CheckVersion,
new CheckTimestamp,
new CheckSignature
]);
$token = new Token('abc123', 'qwerty');
try {
$auth->attempt($token);
}
catch (SignatureException $e) {
// return 4xx
}