Receiver
Receiver is a drop-in webhook handling library for Laravel.
Webhooks are a powerful part of any API lifecycle. Receiver aims to make handling incoming webhooks in your Laravel app a consistent and easy process.
Out of the box, Receiver has built in support for:
Of course, Receiver can receive webhooks from any source using custom providers.
Table of Contents
Installation
Requires:
- PHP ^8.0
- Laravel 8+
composer require hotmeteor/receiver
Optional:
Stripe support requires stripe/stripe-php
Receiving Webhooks
The Basics
Webhooks require an exposed endpoint to POST to. Receiver aims to make this a one-time setup that supports any of your incoming webhooks.
- Create a controller and route for the webhooks you expect to receive.
- Receive the webhook and handle it, as necessary:
<?php namespace App\Http\Controllers\Webhooks; use App\Http\Controllers\Controller; use Illuminate\Http\Request; class WebhooksController extends Controller { public function store(Request $request) { Receiver::driver('slack') ->receive($request) ->ok(); } }
The methods being used are simple:
- Define the
driverthat should process the webhook receivethe request for handling- Respond back to the sender with a
200okresponse
Receiving from multiple apps
Maybe you have webhooks coming in from multiple services -- handle them all from one controller with a driver variable from your route.
<?php
namespace App\Http\Controllers\Webhooks;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
class WebhooksController extends Controller
{
public function store(Request $request, string $driver)
{
Receiver::driver($driver)
->receive($request)
->ok();
}
}
The provided ReceivesWebhooks trait will take care of this for you.
Note: you'll still need to create the route to this action.
<?php
namespace App\Http\Controllers\Webhooks;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Receiver\ReceivesWebhooks;
class WebhooksController extends Controller
{
use ReceivesWebhooks;
}
Handling Webhooks
The Basics
Now that webhooks are being received they need to be handled. Receiver will look for designated Handler classes for each event type that comes in in the App\Http\Handlers\[Driver] namespace. Receiver does not provide these handlers -- they are up to you to provide as needed. If Receiver doesn't find a matching handler it simplies ignores the event and responds with a 200 status code.
For example, a Stripe webhook handler would be App\Http\Handlers\Stripe\CustomerCreated for the incoming customer.created event.
Each handler is constructed with the event (name of the webhook event) and data properties.
<?php
namespace App\Http\Handlers\Stripe;
class CustomerCreated
{
public function __construct(public string $event, public array $data)
{
}
public function handle()
{
// Your code here
}
}
Queueing Handlers
Of course, since your app may be receiving a lot of webhooks it might be better practice to queue these handlers. That way your app can efficiently respond back to the service that the webhook was received and requests aren't being blocked as events are handled.
Receiver attempts to dispatch every handled event, so queueing handlers is simply a matter of setting them up like any Laravel queued job:
<?php
namespace App\Http\Handlers\Stripe;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
class CustomerCreated implements ShouldQueue
{
use Dispatchable;
use InteractsWithQueue;
use Queueable;
use SerializesModels;
public function __construct(public string $event, public array $data)
{
}
public function handle()
{
// Your code here
}
}
Extending Receiver
As mentioned previously, Receiver can handle webhooks from any source. Even though there are a few providers distributed with the package, Receiver can easily be extended to work with other apps.
Adding Custom Providers
The easiest way to add a new provider is to use the included Artisan command:
php artisan receiver:make <name>
This command will generate a new provider with the name you defined. This class will be created in the App\Http\Receivers namespace.
If your provider needs to be able to verify webhook signatures simply add the --verified flag to the command:
php artisan receiver:make <name> --verified
Once you've created your new provider you can simply extend Receiver in your AppServiceProvider so that Receiver can use it:
<?php
namespace App\Providers;
use App\Http\Receivers\MailchimpProvider;
use App\Http\Receivers\MailgunProvider;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*
* @return void
*/
public function register()
{
//
}
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot()
{
$receiver = app('receiver');
$receiver->extend('mailchimp', function ($app) {
return new MailchimpProvider(
config('services.mailchimp.webhook_secret')
);
});
$receiver->extend('mailgun', function ($app) {
return new MailgunProvider(
config('services.mailgun.webhook_secret')
);
});
}
}
Defining Attributes
Receiver needs two pieces of information to receive and handle webhook events:
- The event
name - The event
data
Since these are found in different attributes or headers depending on the webhook, Receiver makes it simple ways to define them in your provider.
<?php
namespace Receiver\Providers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class CustomProvider extends AbstractProvider
{
/**
* @param Request $request
* @return string
*/
public function getEvent(Request $request): string
{
return $request->input('event.name');
}
/**
* @param Request $request
* @return array
*/
public function getData(Request $request): array
{
return $request->all();
}
}
The getEvent() method is used to return the name of the webhook event, ie. customer.created.
The getData() method is used to return the payload of data that can be used within your handler. By default this is set to $request->all().
Securing Webhooks
Many webhooks have ways of verifying their authenticity as they are received, most commonly through signatures or basic authentication. No matter the strategy, Receiver allows you to write custom verification code as necessary. Simply implement the verify method in your provider and return true or false if it passes.
A false return will result in a 401 response being returned to the webhook sender.
<?php
namespace App\Http\Controllers\Webhooks;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
class WebhooksController extends Controller
{
public function verify(Request $request): bool
{
// return result of verification
}
public function store(Request $request, string $driver)
{
Receiver::driver($driver)
->receive($request)
->ok();
}
}
Handshakes
Some webhooks want to perform a "handshake" to check if your endpoint exists and returns a valid response when it's first set up. To facilitate this, implement the handshake method in your provider:
<?php
namespace App\Http\Controllers\Webhooks;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
class WebhooksController extends Controller
{
public function handshake(Request $request): array
{
// return result of handshake
}
public function store(Request $request, string $driver)
{
Receiver::driver($driver)
->receive($request)
->ok();
}
}
Unlike the verify method, handshake expects an array to be returned, since many times the webhook sender is expecting a specific "challenge" response. The return of the handshake method is sent back to the webhook sender.
Credits
Made with contributors-img.
License
The MIT License (MIT). Please see License File for more information.
10 Feb 21, 2022
3 Oct 15, 2022
1 Dec 3, 2021
2 May 7, 2022
1 Aug 11, 2022
5 Jun 7, 2023
2 Nov 20, 2021
381 Dec 12, 2022
3 Jun 27, 2022
1 Aug 29, 2022
196 Dec 29, 2022
25 Dec 22, 2022
275 Sep 14, 2022
460 Dec 26, 2022
727 Dec 21, 2022
214 Nov 21, 2022
12 Jun 2, 2022
31.1k Dec 30, 2022
16 Oct 24, 2022