Can I use symfony/webhook directly in Laravel without Symfony’s full stack?

Yes, but you’ll need Laravel-specific adapters like spatie/laravel-webhook-server or fruitcake/laravel-webhook-handler to bridge Symfony components. These packages abstract Symfony’s dependencies while retaining core functionality. Avoid direct Symfony imports to minimize bloat.

What Laravel versions support symfony/webhook (PHP 8.1+)?

Laravel 9.x and 10.x (PHP 8.1+) are fully compatible. If you’re on Laravel 8.x (PHP 8.0), upgrade to Laravel 9+ to use this package. Symfony’s dependencies may conflict with older Laravel versions.

How do I handle incoming webhooks with Laravel’s middleware?

Use spatie/laravel-webhook-server to integrate Symfony’s Webhook component into Laravel routes. You can then wrap the handler with Laravel middleware (e.g., `VerifyCsrfToken`, `ThrottleRequests`) for security. The adapter handles payload parsing while middleware manages auth/rate limits.

Does symfony/webhook support retries for failed outgoing webhooks?

Yes, Symfony’s `WebhookSender` includes retry logic for failed outgoing requests. For Laravel, pair it with Laravel’s `HttpClient` or use a queue job (e.g., `ShouldQueue`) to defer retries. Customize retry delays via Symfony’s `RetryStrategy` or Laravel’s queue backoff settings.

Are there pre-built parsers for Stripe, GitHub, or Slack webhooks?

Symfony provides built-in parsers for Stripe, GitHub, Slack, and other popular services via `RemoteEvent` classes. These validate signatures and parse payloads automatically. For custom providers, extend `RequestParserInterface` or use Laravel’s service providers to register new parsers.

How do I log or audit webhook payloads in Laravel?

Store payloads in a `webhook_events` table for auditing or retries. Use Laravel’s `Queue` to process events asynchronously and log failures with `Log::error()`. Alternatively, leverage Laravel’s `HasEvents` trait to trigger custom events for payload storage.

What’s the performance impact of symfony/webhook in high-traffic apps?

Payload parsing and signature verification are lightweight, but async processing (e.g., queues) adds latency. Benchmark with tools like Laravel’s `queue:work --timeout=60` and optimize by caching parsed events or using Laravel’s `cache()` for frequent payloads.

Can I use symfony/webhook for real-time webhook processing?

Symfony’s async processing (via `Messenger`) may not suit Laravel’s synchronous routes. For real-time needs, use Laravel’s `Broadcast` channels or `Laravel Echo` alongside Symfony’s parsers. Hybrid approaches (sync for critical hooks, async for others) often work best.

What’s a lightweight alternative to symfony/webhook for simple Laravel apps?

For basic needs, consider `fruitcake/laravel-webhook-handler` (no Symfony dependencies) or `spatie/webhook-client` for outgoing hooks. These focus on Laravel-native solutions with minimal setup. Use them if your app handles <1K webhooks/month and lacks complex parsing needs.

How do I secure webhook endpoints against replay attacks?

Symfony’s `RequestParserInterface` validates signatures (e.g., HMAC, SHA-256) by default. In Laravel, combine this with middleware like `ThrottleRequests` and store payload IDs in a `webhook_events` table to detect duplicates. Use Laravel’s `signed` routes for additional protection.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Webhook Laravel Package

Q: How do I secure webhook endpoints against replay attacks?

Symfony’s `RequestParserInterface` validates signatures (e.g., HMAC, SHA-256) by default. In Laravel, combine this with middleware like `ThrottleRequests` and store payload IDs in a `webhook_events` table to detect duplicates. Use Laravel’s `signed` routes for additional protection.

symfony/webhook

Symfony Webhook component for sending and consuming webhooks. Helps build webhook endpoints, verify and parse incoming requests, and dispatch outgoing webhooks with consistent signatures and payload handling across integrations.

View on GitHub

Deep Wiki

Context7

The Symfony Webhook component streamlines both sending and consuming webhooks in Symfony apps. It provides the building blocks to dispatch webhook calls reliably and to receive, validate, and process incoming payloads using Symfony’s HTTP and security ecosystem.

Designed for integrations with third-party services and internal event delivery, it helps you implement consistent webhook flows with minimal boilerplate.

Send outgoing webhooks with configurable transports and payloads
Consume incoming webhooks via dedicated request handling tooling
Verify signatures and authenticate webhook requests
Normalize/deserialize payloads for safe processing
Integrate cleanly with Symfony’s event and HTTP foundation components

Frequently asked questions about Webhook

Can I use symfony/webhook directly in Laravel without Symfony’s full stack?: Yes, but you’ll need Laravel-specific adapters like spatie/laravel-webhook-server or fruitcake/laravel-webhook-handler to bridge Symfony components. These packages abstract Symfony’s dependencies while retaining core functionality. Avoid direct Symfony imports to minimize bloat.
What Laravel versions support symfony/webhook (PHP 8.1+)?: Laravel 9.x and 10.x (PHP 8.1+) are fully compatible. If you’re on Laravel 8.x (PHP 8.0), upgrade to Laravel 9+ to use this package. Symfony’s dependencies may conflict with older Laravel versions.
How do I handle incoming webhooks with Laravel’s middleware?: Use spatie/laravel-webhook-server to integrate Symfony’s Webhook component into Laravel routes. You can then wrap the handler with Laravel middleware (e.g., `VerifyCsrfToken`, `ThrottleRequests`) for security. The adapter handles payload parsing while middleware manages auth/rate limits.
Does symfony/webhook support retries for failed outgoing webhooks?: Yes, Symfony’s `WebhookSender` includes retry logic for failed outgoing requests. For Laravel, pair it with Laravel’s `HttpClient` or use a queue job (e.g., `ShouldQueue`) to defer retries. Customize retry delays via Symfony’s `RetryStrategy` or Laravel’s queue backoff settings.
Are there pre-built parsers for Stripe, GitHub, or Slack webhooks?: Symfony provides built-in parsers for Stripe, GitHub, Slack, and other popular services via `RemoteEvent` classes. These validate signatures and parse payloads automatically. For custom providers, extend `RequestParserInterface` or use Laravel’s service providers to register new parsers.
How do I log or audit webhook payloads in Laravel?: Store payloads in a `webhook_events` table for auditing or retries. Use Laravel’s `Queue` to process events asynchronously and log failures with `Log::error()`. Alternatively, leverage Laravel’s `HasEvents` trait to trigger custom events for payload storage.
What’s the performance impact of symfony/webhook in high-traffic apps?: Payload parsing and signature verification are lightweight, but async processing (e.g., queues) adds latency. Benchmark with tools like Laravel’s `queue:work --timeout=60` and optimize by caching parsed events or using Laravel’s `cache()` for frequent payloads.
Can I use symfony/webhook for real-time webhook processing?: Symfony’s async processing (via `Messenger`) may not suit Laravel’s synchronous routes. For real-time needs, use Laravel’s `Broadcast` channels or `Laravel Echo` alongside Symfony’s parsers. Hybrid approaches (sync for critical hooks, async for others) often work best.
What’s a lightweight alternative to symfony/webhook for simple Laravel apps?: For basic needs, consider `fruitcake/laravel-webhook-handler` (no Symfony dependencies) or `spatie/webhook-client` for outgoing hooks. These focus on Laravel-native solutions with minimal setup. Use them if your app handles <1K webhooks/month and lacks complex parsing needs.
How do I secure webhook endpoints against replay attacks?: Symfony’s `RequestParserInterface` validates signatures (e.g., HMAC, SHA-256) by default. In Laravel, combine this with middleware like `ThrottleRequests` and store payload IDs in a `webhook_events` table to detect duplicates. Use Laravel’s `signed` routes for additional protection.

View on GitHub

Stars

Favorites

Forks

Score

29.9

License

MIT

Last release

Mar 31, 2026

Watchers

Downloads

196K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport