Protect your webhooks with Laravel Shield

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:


namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
    public function verify(Request $request): bool
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config(''));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));

    public function headers(): array
        return ['X-Hub-Signature'];

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at

Filed in: Laravel Packages / webhooks


Join 31,000+ others and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Full-Stack Engineer
[REMOTE: USA Only] All Other Applications Will be Rejected Immediately"
Senior Full Stack PHP Developer
Motto Design Studio
Senior Software Engineer
Remote or Los Angeles
Sr. Software Engineer
Salt Lake City, UT
Senior Developer