prajwal89/webhook-verifier
Composer 安装命令:
composer require prajwal89/webhook-verifier
包简介
Verify incoming webhooks with php
README 文档
README
A PHP implementation of the Standard Webhooks signature verification.
Installation
You can install the package via composer:
composer require prajwal89/webhook-verifier
Usage
Basic Usage
<?php require 'vendor/autoload.php'; use StandardWebhooks\WebhookVerifier; use StandardWebhooks\Exceptions\WebhookVerificationException; $secret = 'whsec_MfKQ9r4OrVlYAKE4QxSvsCUQvxgwauQ'; // Your webhook secret $verifier = new WebhookVerifier($secret); // Get the request headers $headers = [ 'webhook-id' => $_SERVER['HTTP_WEBHOOK_ID'], 'webhook-timestamp' => $_SERVER['HTTP_WEBHOOK_TIMESTAMP'], 'webhook-signature' => $_SERVER['HTTP_WEBHOOK_SIGNATURE'], ]; // Get the raw request payload $payload = file_get_contents('php://input'); try { // Verify the signature and get the decoded data $data = $verifier->verify($payload, $headers); // Process the verified webhook data handleWebhook($data); http_response_code(200); echo json_encode(['success' => true]); } catch (WebhookVerificationException $e) { // Handle verification failure http_response_code(401); echo json_encode(['error' => $e->getMessage()]); } function handleWebhook($data) { // Process your webhook data here // $eventType = $data['event']; // ... }
Exception Handling
The package provides three exception types:
WebhookVerificationException- Base exception class for all webhook verification errorsSignatureException- Thrown when there's an issue with the signatureTimestampException- Thrown when there's an issue with the timestamp
You can catch these exceptions separately if you need specific error handling:
try { $data = $verifier->verify($payload, $headers); // Process webhook } catch (TimestampException $e) { // Handle timestamp issues (e.g., expired webhook) echo "Timestamp error: " . $e->getMessage(); } catch (SignatureException $e) { // Handle signature issues (e.g., tampered payload) echo "Signature error: " . $e->getMessage(); } catch (WebhookVerificationException $e) { // Handle other verification issues echo "Verification error: " . $e->getMessage(); }
Security
The package uses constant-time comparison to prevent timing attacks when verifying signatures.
The default tolerance for timestamp verification is 5 minutes (300 seconds) to account for minor time differences between servers.
Testing
composer test
License
The MIT License (MIT). Please see License File for more information.
prajwal89/webhook-verifier 适用场景与选型建议
prajwal89/webhook-verifier 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 63 次下载、GitHub Stars 达 2, 最近一次更新时间为 2025 年 04 月 08 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 prajwal89/webhook-verifier 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 prajwal89/webhook-verifier 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 63
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 8
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-04-08