Skip to content
/ escher-php Public
forked from emartech/escher-php

Library for HTTP request signing (PHP implementation)

License

MIT license
0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fqqdk/escher-php

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

298 Commits
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 

Repository files navigation

EscherPHP - HTTP request signing lib Build Status

Escher helps you creating secure HTTP requests (for APIs) by signing HTTP(s) requests. It's both a server side and client side implementation. The status is work in progress.

The algorithm is based on Amazon's AWS Signature Version 4, but we have generalized and extended it.

More details will be available at our documentation site.

Signing a request

Escher works by calculating a cryptographic signature of your request, and adding it (and other authentication information) to said request. Usually you will want to add the authentication information to the request by appending extra headers to it. Let's say you want to send a signed POST request to http://example.com/ using the Guzzle\Http library:

$method = 'POST';
$url = 'http://example.com';
$requestBody = '{ "this_is": "a_request_body" }';
$yourHeaders = array('Content-Type' => 'application/json');

$headersWithAuthInfo = Escher::create('example/credential/scope')
    ->signRequest('YOUR ACCESS KEY ID', 'YOUR SECRET', $method, $url, $requestBody, $yourHeaders);

$client = new GuzzleHttp\Client();
$response = $client->post($url, array(
    'body' => $requestBody,
    'headers' => $headersWithAuthInfo
));

Presigning an URL

In some cases you may want to send authenticated requests from a context where you cannot modify the request headers, e.g. when embedding an API generated iframe. You can however generate a presigned URL, where the authentication information is added to the query string.

$presignedUrl = Escher::create('example/credential/scope')
    ->presignUrl('YOUR ACCESS KEY ID', 'YOUR SECRET', 'http://example.com');

Validating a request

You can validate a request signed by the methods described above. For that you will need a database of the access keys and secrets of your clients. Escher accepts any kind of object as a key database that implements the ArrayAccess interface. (It also accepts plain arrays, however it is not recommended to use a php array for a database of API secrets - it's just there to ease testing)

try {
    $keyDB = new ArrayObject(array(
        'ACCESS KEY OF CLIENT 1'  => 'SECRET OF CLIENT 1',
        'ACCESS KEY OF CLIENT 42' => 'SECRET OF CLIENT 42',
    ));
    Escher::create('example/credential/scope')->validateRequest($keyDB);
} catch (EscherException $ex) {
    echo 'The validation failed! ' . $ex->getMessage();
}

Configuration

TBA

About

Library for HTTP request signing (PHP implementation)

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • PHP 100.0%