URL Signing with PHP

URL signing is a great way to implement a simple level of security when sending requests between servers when both parties have a known secret key.

I’ve written a simple PHP class to show how you can easily create and validate signed URLs.

Remember that when you’re sending signed URLs, always have a timestamp parameter so that the URL is only useful within a small window (a few seconds). A good extension to this class would be to pass the validation function the name of a timestamp param, and tolerance for how long before the timestamp is considered “too old” to be valid.

comments powered by Disqus