Join 6,000+ Laravel Developers on March 6, 2019 for Laracon Online. Get your tickets today!
Protect your webhooks with Laravel Shield
Laravel Packages / updated: October 23, 2017

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:


namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
    public function verify(Request $request): bool
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config(''));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));

    public function headers(): array
        return ['X-Hub-Signature'];

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at

Laravel News Partners


Join the weekly newsletter and never miss out on new tips, tutorials, and more.