Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Webhook Client
Assessments

Laravel Webhook Client Laravel Package

spatie/laravel-webhook-client

Receive webhooks in your Laravel app with Spatie’s webhook client. Verify signed requests, store incoming payloads, and process them asynchronously via queued jobs. Includes configurable webhook profiles and processing logic for reliable integrations.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

  • Event-Driven Integration: The package excels in Laravel’s event-driven architecture, enabling seamless integration with webhook-based event systems (e.g., Stripe, GitHub, Slack). It aligns with Laravel’s middleware, queue, and model layers, reducing boilerplate for signature validation, storage, and async processing.
  • Modular Design: The package’s extensibility (custom validators, profiles, responses, and jobs) fits Laravel’s modularity, allowing TPMs to tailor behavior without monolithic refactoring.
  • Database-Centric: The inclusion of a webhook_calls table and model aligns with Laravel’s Eloquent ORM, simplifying auditing, retries, and debugging.

Integration Feasibility

  • Low Friction: Minimal setup (composer install, config publish, migration, route registration) reduces integration time. The package handles CSRF exemption and signature validation out-of-the-box.
  • Queue-Driven Processing: Offloading payload processing to a queued job (ProcessWebhookJob) ensures fast HTTP responses (critical for webhook SLAs) while decoupling heavy logic.
  • Multi-Provider Support: Configurable per-provider (e.g., Stripe vs. GitHub) via the configs array in webhook-client.php, enabling a single Laravel instance to handle diverse webhook sources.

Technical Risk

  • Signature Validation Assumptions: Relies on HMAC-SHA256 by default, which may not match all providers (e.g., some use RSA). Custom validators mitigate this but require upfront research.
  • Database Schema Lock-in: The webhook_calls table is opinionated (e.g., created_at, payload, exception). Custom models can extend it, but schema changes may require migrations.
  • Queue Dependencies: Async processing introduces failure modes if the queue (e.g., Redis, database) is misconfigured or overloaded. Monitoring job failures via the exception field on WebhookCall is critical.
  • Payload Size Limits: Large payloads (e.g., binary data) may hit Laravel’s request size limits or database constraints. The package lacks built-in compression or streaming.

Key Questions

  1. Provider Compatibility: Does the target webhook provider’s signature scheme (e.g., RSA, custom headers) align with the package’s defaults, or will custom validators be needed?
  2. Queue Strategy: How will job failures (e.g., retries, dead-letter queues) be handled? Will the exception field in WebhookCall suffice for observability?
  3. Payload Handling: Are payloads expected to be large or binary? If so, how will they be stored (e.g., database BLOB vs. external storage)?
  4. Testing: How will webhook endpoints be tested (e.g., mocking HTTP requests, validating signatures)? The package lacks built-in test helpers.
  5. Scaling: Will the webhook endpoint need horizontal scaling (e.g., load balancers)? If so, how will signature validation and idempotency be managed?
  6. Idempotency: Does the use case require idempotent handling of duplicate webhooks? The package does not include this natively.
  7. Monitoring: Are there plans to monitor webhook delivery success/failure rates? The webhook_calls table could feed into dashboards.

Integration Approach

Stack Fit

  • Laravel Ecosystem: Optimized for Laravel (v8+), leveraging Eloquent, queues, middleware, and routing. No external dependencies beyond Laravel’s core.
  • Queue Systems: Works with Laravel’s queue drivers (database, Redis, etc.), enabling horizontal scaling of processing.
  • Database: Requires a relational database (MySQL, PostgreSQL) for the webhook_calls table. No support for NoSQL.
  • HTTP Layer: Assumes a traditional request/response cycle; not suitable for WebSocket or gRPC-based webhooks.

Migration Path

  1. Discovery Phase:
    • Audit target webhook providers (e.g., Stripe, GitHub) to confirm signature schemes, payload structures, and SLAs.
    • Identify custom requirements (e.g., idempotency, payload compression).
  2. Setup:
    • Install via Composer: composer require spatie/laravel-webhook-client.
    • Publish config and migrations: php artisan vendor:publish --provider="Spatie\WebhookClient\WebhookClientServiceProvider" --tag="webhook-client-config" and --tag="webhook-client-migrations".
    • Configure .env with provider-specific secrets (e.g., WEBHOOK_CLIENT_SECRET=stripe_webhook_secret).
  3. Routing:
    • Register routes in routes/web.php: 
      Route::webhooks('stripe/webhooks');
Route::webhooks('github/webhooks');
    • Exclude routes from CSRF in app/Http/Middleware/VerifyCsrfToken.php.
  4. Customization:
    • Implement custom SignatureValidator, WebhookProfile, or ProcessWebhookJob if needed (e.g., for provider-specific logic).
    • Example custom job: 
      namespace App\Jobs;
use Spatie\WebhookClient\Jobs\ProcessWebhookJob;
class StripeWebhookJob extends ProcessWebhookJob {
    public function handle() {
        $payload = $this->webhookCall->payload;
        // Process Stripe events
    }
}
    • Update config/webhook-client.php to point to custom classes.
  5. Database:
    • Run migrations: php artisan migrate.
    • Optionally extend WebhookCall model for custom fields.
  6. Testing:
    • Use Laravel’s HTTP tests to simulate webhook payloads: 
      public function test_stripe_webhook() {
    $response = $this->postJson('/stripe/webhooks', $payload, [
        'HTTP_Signature' => 'sha256=...',
    ]);
    $response->assertOk();
}

Compatibility

  • Laravel Versions: Tested on Laravel 8+. May require adjustments for older versions (e.g., CSRF middleware changes).
  • PHP Versions: Requires PHP 8.0+. No support for PHP 7.x.
  • Provider-Specific: No built-in support for providers; relies on custom logic in ProcessWebhookJob.
  • Idempotency: Not natively supported; requires application-level handling (e.g., tracking processed events in a separate table).

Sequencing

  1. Phase 1: Core Integration (2–3 days):
    • Install, configure, and test basic webhook reception for one provider.
    • Validate signature verification and payload storage.
  2. Phase 2: Customization (1–2 days):
    • Implement custom validators/profiles if needed.
    • Develop provider-specific ProcessWebhookJob classes.
  3. Phase 3: Observability (1 day):
    • Set up monitoring for webhook_calls (e.g., failed jobs, latency).
    • Configure alerts for signature failures or queue backlogs.
  4. Phase 4: Scaling (Ongoing):
    • Optimize queue workers (e.g., batch processing, concurrency).
    • Load-test the endpoint under expected traffic.

Operational Impact

Maintenance

  • Package Updates: The package is actively maintained (last release 2026-04-30). Minor updates (e.g., Laravel compatibility) are low-risk.
  • Custom Code: Custom validators, profiles, or jobs may require updates if provider APIs change (e.g., Stripe’s webhook payload structure).
  • Database Schema: Migrations for the webhook_calls table are version-controlled, reducing schema drift risk.

Support

  • Debugging: The webhook_calls table provides a audit trail of all incoming webhooks, including:
    • Payloads (for inspection).
    • Exceptions (if job processing fails).
    • Headers (for signature validation debugging).
  • Provider Support: Issues with provider-specific logic (e.g., parsing Stripe events) fall to the application code, not the package.
  • Community: 1.2K+ GitHub stars and MIT license ensure community support, though Spatie’s commercial support is paid.

Scaling

  • Horizontal Scaling: The package is stateless (except for the webhook_calls table), enabling horizontal scaling of the webhook endpoint. Use a load balancer to distribute traffic.
  • Queue Scaling: Processing jobs can be scaled by adding more queue workers (e.g., Supervisor for Redis queues).
  • Database Load: High-volume webhooks may require:
    • Indexing webhook_calls table (e.g., created_at, provider).
    • Archiving old records (configurable via delete_after_days).
    • Read replicas for analytics queries.
  • Payload Size: Large payloads may require:
    • Database optimization (e.g., JSON columns for structured data).
    • External storage (e.g., S3) for binary data, with webhook_calls storing metadata only.

Failure Modes

Failure Scenario Impact Mitigation
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope