Skip to content

Latest commit

 

History

History
73 lines (53 loc) · 1.24 KB

getting-started.md

File metadata and controls

73 lines (53 loc) · 1.24 KB

Getting Started

Installation

composer require hmacauth/laravel-hmac-auth

Setup

# Run installer
php artisan hmac:install

# Run migrations
php artisan migrate

For multi-tenancy:

php artisan hmac:install --with-tenancy

Generate Credentials

# Production
php artisan hmac:generate --environment=production

# Testing
php artisan hmac:generate --environment=testing

# With tenant (if multi-tenancy enabled)
php artisan hmac:generate --tenant=1

Save the client_secret shown - it cannot be retrieved later.

Protect Routes

Route::middleware('hmac.verify')->group(function () {
    Route::post('/api/orders', OrderController::class);
});

Access Credential

public function store(Request $request)
{
    $credential = $request->attributes->get('hmac_credential');
    $tenantId = $request->attributes->get('tenant_id'); // if tenancy enabled
}

How It Works

Request Headers:
  X-Api-Key: {client_id}
  X-Signature: {hmac_signature}
  X-Timestamp: {unix_timestamp}
  X-Nonce: {unique_string}

Signature = HMAC-SHA256(
  "{METHOD}\n{PATH}\n{BODY}\n{TIMESTAMP}\n{NONCE}",
  client_secret
)

See Client Examples for implementation in various languages.