Protect your webhooks with Laravel Shield


October 13th, 2017

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:

namespace Clarkeash\Shield\Services;
use Illuminate\Http\Request;
class GitHub extends BaseService
public function verify(Request $request): bool
$generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config(''));
return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));
public function headers(): array
return ['X-Hub-Signature'];

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at

Filed in:

Eric L. Barnes

Eric is the creator of Laravel News and has been covering Laravel since 2012.