Receiver is a drop-in webhook handling library for Laravel.

Webhooks are a powerful part of any API lifecycle. Receiver aims to make handling incoming webhooks in your Laravel app a consistent and easy process.

Out of the box, Receiver has built in support for:

• GitHub Webhooks
• Hubspot Webhooks
• Postmark Webhooks
• Slack Events API
• Stripe Webhooks

Of course, Receiver can receive webhooks from any source using custom providers.

• Installation
• Receiving Webhooks
  • The Basics
  • Receiving from multiple apps
• Handling Webhooks
  • The Basics
  • Queueing handlers
• Extending Receiver
  • Adding custom providers
  • Defining attributes
  • Securing webhooks
  • Handshakes
• Community Receivers
• Credits
• License

Requires:

• PHP ^8.1
• Laravel 9+

composer require hotmeteor/receiver

Optional:

Stripe support requires stripe/stripe-php

Webhooks require an exposed endpoint to POST to. Receiver aims to make this a one-time setup that supports any of your incoming webhooks.

1. Create a controller and route for the webhooks you expect to receive.
2. Receive the webhook and handle it, as necessary:

   <?php
   
   namespace App\Http\Controllers\Webhooks;
   
   use App\Http\Controllers\Controller;
   use Illuminate\Http\Request;
   
   class WebhooksController extends Controller
   {
      public function store(Request $request)
      {
          return Receiver::driver('slack')
              ->receive($request)
              ->ok();
      }
   }

The methods being used are simple:

• Define the driver that should process the webhook
• receive the request for handling
• Respond back to the sender with a 200 ok response

Maybe you have webhooks coming in from multiple services -- handle them all from one controller with a driver variable from your route.

<?php

namespace App\Http\Controllers\Webhooks;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;

class WebhooksController extends Controller
{
   public function store(Request $request, string $driver)
   {
       return Receiver::driver($driver)
           ->receive($request)
           ->ok();
   }
}

The provided ReceivesWebhooks trait will take care of this for you.

<?php

namespace App\Http\Controllers\Webhooks;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Receiver\ReceivesWebhooks;

class WebhooksController extends Controller
{
   use ReceivesWebhooks;
}

Note: you'll still need to create the route to this action. Example:

Route::post('/hooks/{driver}', [\App\Http\Controllers\Webhooks\WebhooksController::class, 'store'])
    ->withoutMiddleware(\App\Http\Middleware\VerifyCsrfToken::class);

Receiver allows you to safely handle webhooks for events you do not handle. Add a fallback method before ok – it takes a callback that is passed the webhook object.

<?php

namespace App\Http\Controllers\Webhooks;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Receiver\Providers\Webhook;

class WebhooksController extends Controller
{
   public function store(Request $request, string $driver)
   {
       return Receiver::driver($driver)
           ->receive($request)
           ->fallback(function(Webhook $webhook) {
               // Do whatever you like here...
           })
           ->ok();
   }
}

Now that webhooks are being received they need to be handled. Receiver will look for designated Handler classes for each event type that comes in in the App\Http\Handlers\[Driver] namespace. Receiver does not provide these handlers -- they are up to you to provide as needed. If Receiver doesn't find a matching handler it simplies ignores the event and responds with a 200 status code.

For example, a Stripe webhook handler would be App\Http\Handlers\Stripe\CustomerCreated for the incoming customer.created event.

Each handler is constructed with the event (name of the webhook event) and data properties.

Each handler must also use the Dispatchable trait.

<?php

namespace App\Http\Handlers\Stripe;

use Illuminate\Foundation\Bus\Dispatchable;

class CustomerCreated
{
    use Dispatchable;
    
    public function __construct(public string $event, public array $data)
    {
    }

    public function handle()
    {
        // Your code here
    }
}

Of course, since your app may be receiving a lot of webhooks it might be better practice to queue these handlers. That way your app can efficiently respond back to the service that the webhook was received and requests aren't being blocked as events are handled.

Receiver attempts to dispatch every handled event, so queueing handlers is simply a matter of setting them up like any Laravel queued job:

<?php

namespace App\Http\Handlers\Stripe;

use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;

class CustomerCreated implements ShouldQueue
{
    use Dispatchable;
    use InteractsWithQueue;
    use Queueable;
    use SerializesModels;

    public function __construct(public string $event, public array $data)
    {
    }

    public function handle()
    {
        // Your code here
    }
}

As mentioned previously, Receiver can handle webhooks from any source. Even though there are a few providers distributed with the package, Receiver can easily be extended to work with other apps.

The easiest way to add a new provider is to use the included Artisan command:

php artisan receiver:make <name>

This command will generate a new provider with the name you defined. This class will be created in the App\Http\Receivers namespace.

If your provider needs to be able to verify webhook signatures simply add the --verified flag to the command:

php artisan receiver:make <name> --verified

Once you've created your new provider you can simply extend Receiver in your AppServiceProvider so that Receiver can use it:

<?php

namespace App\Providers;

use App\Http\Receivers\MailchimpProvider;
use App\Http\Receivers\MailgunProvider;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        // 
    }

    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        $receiver = app('receiver');

        $receiver->extend('mailchimp', function ($app) {
            return new MailchimpProvider(
                config('services.mailchimp.webhook_secret')
            );
        });
        
        $receiver->extend('mailgun', function ($app) {
            return new MailgunProvider(
                config('services.mailgun.webhook_secret')
            );
        });
    }
}

Receiver needs two pieces of information to receive and handle webhook events:

• The event name
• The event data

Since these are found in different attributes or headers depending on the webhook, Receiver makes it simple ways to define them in your provider.

<?php

namespace Receiver\Providers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CustomProvider extends AbstractProvider
{
    /**
     * @param Request $request
     * @return string
     */
    public function getEvent(Request $request): string
    {
        return $request->input('event.name');
    }
    
    /**
     * @param Request $request
     * @return array
     */
    public function getData(Request $request): array
    {
        return $request->all();
    }
}

The getEvent() method is used to return the name of the webhook event, ie. customer.created.

The getData() method is used to return the payload of data that can be used within your handler. By default this is set to $request->all().

Many webhooks have ways of verifying their authenticity as they are received, most commonly through signatures or basic authentication. No matter the strategy, Receiver allows you to write custom verification code as necessary. Simply implement the verify method in your provider and return true or false if it passes.

A false return will result in a 401 response being returned to the webhook sender.

<?php

namespace Receiver\Providers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CustomProvider extends AbstractProvider
{
    public function verify(Request $request): bool
    {
        // return result of verification
    }
}

Some webhooks want to perform a "handshake" to check if your endpoint exists and returns a valid response when it's first set up. To facilitate this, implement the handshake method in your provider:

<?php

namespace Receiver\Providers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CustomProvider extends AbstractProvider
{
    public function handshake(Request $request): array
    {
        // return result of handshake
    }
}

Unlike the verify method, handshake expects an array to be returned, since many times the webhook sender is expecting a specific "challenge" response. The return of the handshake method is sent back to the webhook sender.

Have you created a custom Receiver? Share it with the community in our Receivers Discussion topic!

• Adam Campbell
• All Contributors

Made with contributors-img.

The MIT License (MIT). Please see License File for more information.