x-sign-payloadSecure Request Signing

Cross-language HMAC-SHA256/SHA512 payload verification for PHP and JavaScript

Get Started

View on GitHub

🔐

HMAC-SHA256/SHA512

Industry-standard cryptographic hashing algorithms for secure signature generation.

⏱️

Replay Protection

Configurable timestamp validation prevents replay attacks with customizable window.

🛠️

Multi-Framework

Native support for Laravel, CakePHP, CodeIgniter, and JavaScript/TypeScript.

⚡

Easy Integration

Simple middleware setup with auto-generated secrets and CLI commands.

Supported Languages & Frameworks

Language	Framework	Status
PHP	Laravel 10+	✅ Available
PHP	CakePHP 4+	✅ Available
PHP	CodeIgniter 4	✅ Available
JavaScript	Node.js / Browser	✅ Available
Python	Django / Flask	🚧 Coming Soon
Ruby	Ruby on Rails	🚧 Coming Soon

🔐 Payload Signer Playground

Try generating signed payloads with different configurations.

Configuration

Include Timestamp (Replay Protection)

Algorithm:

Secret Key:

Payload Data

Generated Output

X-Timestamp:1777528686941

X-Signature:Enter secret and payload to generate

Raw Message:1777528686941.{"email":"user@example.com","name":"John Doe"}

Code Example

import { XSignClient } from 'x-sign-payload';

const xSign = new XSignClient({
  secret: 'your-secret',
  algorithm: 'sha256',
  enableTimestamp: true
});

const payload = {
  "email": "user@example.com",
  "name": "John Doe"
};

const headers = await xSign.sign(payload);
// headers = {
//   'X-Timestamp': '1777528686941',
//   'X-Signature': 'sha256=...',
//   'Content-Type': 'application/json'
// }

Try It Now

Generate a signed payload right here. Configure your secret key, choose whether to include timestamp protection, and see the generated signature in real-time. Toggle between different programming languages to see the implementation code.