• Stars: 985
• Rank: 46,479 (Top 1.0 %)
• Language: PHP
• License: MIT License
• Created over 5 years ago
• Updated 4 months ago


Repository Details

Receive webhooks in Laravel apps


A webhook is a way for an app to provide information to another app about a specific event. The way the two apps communicate is with a simple HTTP request.

This package allows you to receive webhooks in a Laravel app. It has support for verifying signed calls, storing payloads and processing the payloads in a queued job.

If you need to send webhooks, take a look at our laravel-webhook-server package.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Installation

You can install the package via composer:

composer require spatie/laravel-webhook-client

Configuring the package

You can publish the config file with:

php artisan vendor:publish --provider="Spatie\WebhookClient\WebhookClientServiceProvider" --tag="webhook-client-config"

This is the contents of the file that will be published at config/webhook-client.php:

<?php

return [
    'configs' => [
        [
            /*
             * This package supports multiple webhook receiving endpoints. If you only have
             * one endpoint receiving webhooks, you can use 'default'.
             */
            'name' => 'default',

            /*
             * We expect that every webhook call will be signed using a secret. This secret
             * is used to verify that the payload has not been tampered with.
             */
            'signing_secret' => env('WEBHOOK_CLIENT_SECRET'),

            /*
             * The name of the header containing the signature.
             */
            'signature_header_name' => 'Signature',

            /*
             *  This class will verify that the content of the signature header is valid.
             *
             * It should implement \Spatie\WebhookClient\SignatureValidator\SignatureValidator
             */
            'signature_validator' => \Spatie\WebhookClient\SignatureValidator\DefaultSignatureValidator::class,

            /*
             * This class determines if the webhook call should be stored and processed.
             */
            'webhook_profile' => \Spatie\WebhookClient\WebhookProfile\ProcessEverythingWebhookProfile::class,

            /*
             * This class determines the response on a valid webhook call.
             */
            'webhook_response' => \Spatie\WebhookClient\WebhookResponse\DefaultRespondsTo::class,

            /*
             * The classname of the model to be used to store webhook calls. The class should
             * be equal or extend Spatie\WebhookClient\Models\WebhookCall.
             */
            'webhook_model' => \Spatie\WebhookClient\Models\WebhookCall::class,

            /*
             * In this array, you can pass the headers that should be stored on
             * the webhook call model when a webhook comes in.
             *
             * To store all headers, set this value to `*`.
             */
            'store_headers' => [

            ],

            /*
             * The class name of the job that will process the webhook request.
             *
             * This should be set to a class that extends \Spatie\WebhookClient\Jobs\ProcessWebhookJob.
             */
            'process_webhook_job' => '',
        ],
    ],

    /*
     * The number of days after which models should be deleted.
     *
     * Set to null if no models should be deleted.
     */
    'delete_after_days' => 30,
];

In the signing_secret key of the config file, you should add a valid webhook secret. This value should be provided by the app that will send you webhooks.

This package will try to store and respond to the webhook as fast as possible. Processing the payload of the request is done via a queued job. It's recommended to use a real queue driver rather than the sync driver. You should specify the job that will handle processing webhook requests in the process_webhook_job key of the config file. A valid job is any class that extends Spatie\WebhookClient\Jobs\ProcessWebhookJob and has a handle method.

Preparing the database

By default, all webhook calls will get saved in the database.

To create the table that holds the webhook calls, you must publish the migration with:

php artisan vendor:publish --provider="Spatie\WebhookClient\WebhookClientServiceProvider" --tag="webhook-client-migrations"

After the migration has been published, you can create the webhook_calls table by running the migrations:

php artisan migrate

Taking care of routing

Finally, let's take care of the routing. At the app that sends webhooks, you probably configure a URL where you want your webhook requests to be sent. In the routes file of your app, you must pass that route to Route::webhooks. Here's an example:

Route::webhooks('webhook-receiving-url');

Behind the scenes, this will register a POST route to a controller provided by this package. Because the app that sends webhooks to you has no way of getting a CSRF token, you must add that route to the except array of the VerifyCsrfToken middleware:

protected $except = [
    'webhook-receiving-url',
];

Usage

With the installation out of the way, let's take a look at how this package handles webhooks. First, it will verify if the signature of the request is valid. If it is not, we'll throw an exception and fire off the InvalidSignatureEvent event. Requests with invalid signatures will not be stored in the database.

Next, the request will be passed to a webhook profile. A webhook profile is a class that determines if a request should be stored and processed by your app. It allows you to select only the webhook requests that are of interest to your app. You can easily create your own webhook profile.

If the webhook profile determines that the request should be stored and processed, we'll first store it in the webhook_calls table. After that, we'll pass that newly created WebhookCall model to a queued job. Most webhook sending apps expect you to respond very quickly. Offloading the real processing work allows for speedy responses. You can specify which job should process the webhook in the process_webhook_job key of the webhook-client config file. Should an exception be thrown while queueing the job, the package will store that exception in the exception attribute on the WebhookCall model.

After the job has been dispatched, the request will be passed to a webhook response. A webhook response is a class that determines the HTTP response for the request. An 'ok' message response with 200 status code is returned by default, but you can easily create your own webhook response.

Verifying the signature of incoming webhooks

This package assumes that an incoming webhook request has a header that can be used to verify the payload has not been tampered with. The name of the header containing the signature can be configured in the signature_header_name key of the config file. By default, the package uses the DefaultSignatureValidator to validate signatures. This is how that class will compute the signature.

$computedSignature = hash_hmac('sha256', $request->getContent(), $configuredSigningSecret);

If $computedSignature matches the value in the signature header, the request will be passed to the webhook profile. If it does not match, the package will respond with a 500 and discard the request.
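The signature check described above, spelled out in plain PHP as an added example (not the package's own code). The secret, the payloads and the function names signPayload and verifySignature are constructed for illustration. It shows that the HMAC covers the exact request bytes, so a re-serialized body is rejected just like a tampered one, and that the comparison should go through hash_equals().

```php
<?php
// Added example: plain PHP, no Laravel required.
// The secret and all payloads below are constructed sample values.

/** Sender side: sign the exact bytes that will be sent as the request body. */
function signPayload(string $rawBody, string $secret): string
{
    return hash_hmac('sha256', $rawBody, $secret);
}

/**
 * Receiver side: recompute the HMAC over the raw body and compare it with
 * the value taken from the signature header.
 */
function verifySignature(string $rawBody, ?string $headerValue, string $secret): bool
{
    if ($secret === '') {
        // With an unset secret anyone could produce a matching signature.
        throw new InvalidArgumentException('Signing secret is not configured.');
    }

    if ($headerValue === null || $headerValue === '') {
        return false; // unsigned request
    }

    $computed = hash_hmac('sha256', $rawBody, $secret);

    // hash_equals() compares in constant time, unlike == or ===,
    // so response timing does not leak how many characters matched.
    return hash_equals($computed, $headerValue);
}

$secret    = 'constructed-example-secret';
$body      = '{"event":"invoice.paid","amount":1200}';
$signature = signPayload($body, $secret);

// Same data, different bytes: decoding and re-encoding changes whitespace.
$reencoded = json_encode(json_decode($body, true), JSON_PRETTY_PRINT);

$cases = [
    'untouched body'           => [$body, $signature, true],
    'tampered amount'          => ['{"event":"invoice.paid","amount":1}', $signature, false],
    're-encoded JSON body'     => [$reencoded, $signature, false],
    'missing signature header' => [$body, null, false],
    'signed with other secret' => [$body, signPayload($body, 'other-secret'), false],
];

foreach ($cases as $label => [$raw, $header, $expected]) {
    $accepted = verifySignature($raw, $header, $secret);

    if ($accepted !== $expected) {
        throw new RuntimeException("Unexpected result for case: {$label}");
    }

    printf("%-26s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

The re-encoded case is why the signature has to be computed from $request->getContent() rather than from the parsed input.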

Creating your own signature validator

A signature validator is any class that implements Spatie\WebhookClient\SignatureValidator\SignatureValidator. Here's what that interface looks like.

use Illuminate\Http\Request;
use Spatie\WebhookClient\WebhookConfig;

interface SignatureValidator
{
    public function isValid(Request $request, WebhookConfig $config): bool;
}

WebhookConfig is a data transfer object that lets you easily pull up the config (containing the header name that contains the signature and the secret) for the webhook request.

After creating your own SignatureValidator you must register it in the signature_validator key of the webhook-client config file.

Determining which webhook requests should be stored and processed

After the signature of an incoming webhook request is validated, the request will be passed to a webhook profile. A webhook profile is a class that determines if the request should be stored and processed. If the webhook sending app sends out requests that your app isn't interested in, you can use this class to filter out such events.

By default the \Spatie\WebhookClient\WebhookProfile\ProcessEverythingWebhookProfile class is used. As its name implies, this default class will determine that all incoming requests should be stored and processed.

Creating your own webhook profile

A webhook profile is any class that implements \Spatie\WebhookClient\WebhookProfile\WebhookProfile. This is what that interface looks like:

namespace Spatie\WebhookClient\WebhookProfile;

use Illuminate\Http\Request;

interface WebhookProfile
{
    public function shouldProcess(Request $request): bool;
}

After creating your own WebhookProfile you must register it in the webhook_profile key in the webhook-client config file.

Storing and processing webhooks

After the signature is validated and the webhook profile has determined that the request should be processed, the package will store and process the request.

The request will first be stored in the webhook_calls table. This is done using the WebhookCall model.

Should you want to customize the table name or anything about the storage behavior, you can let the package use an alternative model. A webhook storing model can be specified in the webhook_model key of the config file. Make sure your model extends Spatie\WebhookClient\Models\WebhookCall.

You can change how the webhook is stored by overriding the storeWebhook method of WebhookCall. In the storeWebhook method you should return a saved model.

Next, the newly created WebhookCall model will be passed to a queued job that will process the request. Any class that extends \Spatie\WebhookClient\Jobs\ProcessWebhookJob is a valid job. Here's an example:

namespace App\Jobs;

use Spatie\WebhookClient\Jobs\ProcessWebhookJob as SpatieProcessWebhookJob;

class ProcessWebhookJob extends SpatieProcessWebhookJob
{
    public function handle()
    {
        // $this->webhookCall // contains an instance of `WebhookCall`

        // perform the work here
    }
}

You should specify the class name of your job in the process_webhook_job key of the webhook-client config file.

Creating your own webhook response

A webhook response is any class that implements \Spatie\WebhookClient\WebhookResponse\RespondsToWebhook. This is what that interface looks like:

namespace Spatie\WebhookClient\WebhookResponse;

use Illuminate\Http\Request;
use Spatie\WebhookClient\WebhookConfig;

interface RespondsToWebhook
{
    public function respondToValidWebhook(Request $request, WebhookConfig $config);
}

After creating your own WebhookResponse you must register it in the webhook_response key in the webhook-client config file.

Handling incoming webhook request for multiple apps

This package allows webhooks to be received from multiple different apps. Let's take a look at an example config file where we add support for two webhook URLs. All comments from the config have been removed for brevity.

return [
    'configs' => [
        [
            'name' => 'webhook-sending-app-1',
            'signing_secret' => 'secret-for-webhook-sending-app-1',
            'signature_header_name' => 'Signature-for-app-1',
            'signature_validator' => \Spatie\WebhookClient\SignatureValidator\DefaultSignatureValidator::class,
            'webhook_profile' => \Spatie\WebhookClient\WebhookProfile\ProcessEverythingWebhookProfile::class,
            'webhook_response' => \Spatie\WebhookClient\WebhookResponse\DefaultRespondsTo::class,
            'webhook_model' => \Spatie\WebhookClient\Models\WebhookCall::class,
            'process_webhook_job' => '',
        ],
        [
            'name' => 'webhook-sending-app-2',
            'signing_secret' => 'secret-for-webhook-sending-app-2',
            'signature_header_name' => 'Signature-for-app-2',
            'signature_validator' => \Spatie\WebhookClient\SignatureValidator\DefaultSignatureValidator::class,
            'webhook_profile' => \Spatie\WebhookClient\WebhookProfile\ProcessEverythingWebhookProfile::class,
            'webhook_response' => \Spatie\WebhookClient\WebhookResponse\DefaultRespondsTo::class,
            'webhook_model' => \Spatie\WebhookClient\Models\WebhookCall::class,
            'process_webhook_job' => '',
        ],
    ],
];

When registering routes for the package, you should pass the name of the config as a second parameter.

Route::webhooks('receiving-url-for-app-1', 'webhook-sending-app-1');
Route::webhooks('receiving-url-for-app-2', 'webhook-sending-app-2');

Using the package without a controller

If you don't want to use the routes and controller provided by the Route::webhooks macro, you can programmatically add support for webhooks to your own controller.

Spatie\WebhookClient\WebhookProcessor is a class that verifies the signature, calls the webhook profile, stores the webhook request, and starts a queued job to process the stored webhook request. The controller provided by this package also uses that class under the hood.

It can be used like this:

$webhookConfig = new \Spatie\WebhookClient\WebhookConfig([
    'name' => 'webhook-sending-app-1',
    'signing_secret' => 'secret-for-webhook-sending-app-1',
    'signature_header_name' => 'Signature',
    'signature_validator' => \Spatie\WebhookClient\SignatureValidator\DefaultSignatureValidator::class,
    'webhook_profile' => \Spatie\WebhookClient\WebhookProfile\ProcessEverythingWebhookProfile::class,
    'webhook_response' => \Spatie\WebhookClient\WebhookResponse\DefaultRespondsTo::class,
    'webhook_model' => \Spatie\WebhookClient\Models\WebhookCall::class,
    'process_webhook_job' => '',
]);

(new \Spatie\WebhookClient\WebhookProcessor($request, $webhookConfig))->process();

Deleting models

Whenever a webhook comes in, this package will store it as a WebhookCall model. After a while, you might want to delete old models.

The WebhookCall model has Laravel's MassPrunable trait applied to it. You can customize the cutoff date in the webhook-client config file.

In this example all models will be deleted when older than 30 days.

return [
    'configs' => [
        // ...
    ],

    'delete_after_days' => 30,
];

After configuring the model, you should schedule the model:prune Artisan command in your application's Kernel class. Don't forget to explicitly mention the WebhookCall class. You are free to choose the appropriate interval at which this command should be run:

namespace App\Console;

use Illuminate\Console\Scheduling\Schedule;
use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
use Spatie\WebhookClient\Models\WebhookCall;

class Kernel extends ConsoleKernel
{
    protected function schedule(Schedule $schedule)
    {
        // Name the package model explicitly so that model:prune picks it up.
        $schedule->command('model:prune', [
            '--model' => [WebhookCall::class],
        ])->daily();

        // This will not work, as models in a package are not used by default
        // $schedule->command('model:prune')->daily();
    }
}

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security-related issues, please email [email protected] instead of using the issue tracker.

Postcardware

You're free to use this package, but if it makes it to your production environment, we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.

We publish all received postcards on our company website.

Credits

License

The MIT License (MIT). Please see License File for more information.
