Protect your webhooks with Laravel Shield

Protect your webhooks with Laravel Shield

Laravel Shield is a new package by Ashley Clarke that implements a middleware to protect against unverified webhooks from 3rd party services. It currently supports GitHub, GitLab, Stripe, and Zapier with pull requests open to include a few more.

Once installed you can use it by using the middleware in your routes file. For example:

Route::middleware('shield:github')->post('/hooks/github', 'HooksController@github');

Any requests to the route will now run through the Shield GitHub service which runs the following checks:


namespace Clarkeash\Shield\Services;

use Illuminate\Http\Request;

class GitHub extends BaseService
    public function verify(Request $request): bool
        $generated = 'sha1=' . hash_hmac('sha1', $request->getContent(), config(''));

        return hash_equals($generated, $this->header($request, 'X-Hub-Signature'));

    public function headers(): array
        return ['X-Hub-Signature'];

Check out the official repo for more information on Laravel Shield and easily start protecting your webhooks.

Update 10/23/2017

The package has moved to the Laravel Shield organization; the core package and service integrations are now broken up into separate repositories. You can find out more at

Filed in: Laravel Packages / webhooks


Join 31,000+ others and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Full Stack PHP (Mid-Level/Senior) Programmer
Software Developer
Remote, (US & Canada Only)
Patient Prism
Web Application Developer
Chicago Loop
Leading Real Estate Companies of the World
Multiple Laravel Developers (Part-Time)
Remote, USA Only
The Great Escape Room
Software Developer
Remote (US & Canada)