Skip to content

packagist/private-packagist-api-client

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Private Packagist API Client

Table of Contents

Requirements

Install

Via Composer:

$ composer require private-packagist/api-client guzzlehttp/guzzle

Why do you need to require guzzlehttp/guzzle? We are decoupled from any HTTP messaging client with help by HTTPlug, so you can pick an HTTP client of your choice, guzzle is merely a recommendation.

Basic usage of private-packagist/api-client client

<?php

// This file is generated by Composer
require_once __DIR__ . '/vendor/autoload.php';

$client = new \PrivatePackagist\ApiClient\Client();
$client->authenticate('api-key', 'api-secret');
$packages = $client->packages()->all();

From $client object, you can access the full Private Packagist API.

Documentation

Full documentation can be found in the Private Packagist documentation.

Organization

Trigger a full synchronization

$jobs = $client->organization()->sync();

Returns an array of created jobs. One for every synchronization.

Team

The permissions available for a team are:

  • canEditTeamPackages: members of the team can edit and remove packages, assign package permissions (only applies to packages assigned to team).
  • canAddPackages: members of the team can add packages to organization; add, edit and remove credentials and mirrored third-party repositories.
  • canCreateSubrepositories: members of the team can create subrepositories.
  • canViewVendorCustomers: members of the team can view customers, their Composer information, their packages, and their install statistics.
  • canManageVendorCustomers: members of the team can create and delete customers, add and remove packages, update their settings, view Composer information and install statistics.
use PrivatePackagist\ApiClient\TeamPermissions;

$permissions = new TeamPermissions;
// Grant all permissions.
$permissions->canEditTeamPackages = true;
$permissions->canAddPackages = true;
$permissions->canCreateSubrepositories = true;
$permissions->canManageVendorCustomers = true;
$permissions->canManageVendorCustomers = true;

The permissions model can also be constructed via flags:

use PrivatePackagist\ApiClient\TeamPermissions;

$permissions = TeamPermissions::fromFlags(
    TeamPermissions::PERMISSION_CAN_EDIT_TEAM_PACKAGES | TeamPermissions::PERMISSION_CAN_ADD_PACKAGES,
);

Or from the permissions of an existing team:

use PrivatePackagist\ApiClient\TeamPermissions;

$team = $client->teams()->all()[0];
$permissions = TeamPermissions::fromTeamResponse($team);

List an organization's teams

$teams = $client->teams()->all();

Returns an array of teams.

Create a New Team

use PrivatePackagist\ApiClient\TeamPermissions;

$permissions = new TeamPermissions;
$team = $client->teams()->create('New Team Name', $permissions);

Creates a team and sets permissions applied to team members. Returns the newly-created team.

Show a Team

$team = $client->teams()->show($teamId);

Returns the team including all its members.

Edit a Team

use PrivatePackagist\ApiClient\TeamPermissions;

$permissions = new TeamPermissions;
$team = $client->teams()->edit($teamId, 'Altered Team Name', $permissions);

Edits a team's name and permissions to be applied to team members. Returns the updated team.

Grant All Package Access

$team = $client->teams()->grantAccessToAllPackages($teamId);

Granting a team access to all packages will give this team access to all current and future organization packages which do not have their permissions synchronized.

Revoke All Package Access

$team = $client->teams()->revokeAccessToAllPackages($teamId);

Revoking a team's access to all packages will not remove access to packages the team can currently access, but will prevent access to new packages and allow revoking individual package access.

Delete a Team

$client->teams()->remove($teamId);

Add Member to Team (by User ID)

$team = $client->teams()->addMember($teamId, $userId);

Returns the team the user was added to.

Remove Member from Team

$client->teams()->removeMember($teamId, $userId);

List all private packages a team has access to

$teamId = 1;
$packages = $client->teams()->packages($teamId);

Returns an array of packages.

Grant a team access to a list of private packages

You pass an array of packages to give access to. The values of the array can be either package ID or package name.

$teamId = 1;
$packages = $client->teams()->addPackages($teamId, ['acme-website/package', 1]);

Returns an array of packages.

Remove access for a package from a team

You can use the package ID or package name as a reference.

$teamId = 1;
$packages = $client->teams()->removePackage($teamId, 'acme-website/package');

Authentication Tokens

List an organization's team authentication tokens

$tokens = $client->tokens()->all();

Returns an array of team tokens.

Create a new team authentication token

// Create a new token with access to all packages
$token = $client->tokens()->create([
    'description' => 'New Team Token',
    'access' => 'read',
    'accessToAllPackages' => true,
]);

// Create a new token with access to packages a team has access to
$token = $client->tokens()->create([
    'description' => 'New Team Token',
    'access' => 'read',
    'teamId' => 1, // Get teamId from the list of teams to determine to which packages the token has access to
]);

Returns the created token.

Delete a team authentication token

$client->tokens()->remove($tokenId));

Regenerate a team authentication token

$customerId = 42;
$confirmation = [
    'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$token = $client->tokens()->regenerateToken($tokenId, $confirmation);

Returns the regenerated token.

Customer

List an organization's customers

$customers = $client->customers()->all();

Returns an array of customers.

Show a customer

$customerId = 42;
$customer = $client->customers()->show($customerId);
// or
$customerUrlName = 'customer-url-name';
$customer = $client->customers()->show($customerUrlName);

Returns a single customer.

Create a customer

$customer = $client->customers()->create('New customer name');
// or
$customer = $client->customers()->create('New customer name', false, 'customer-url-name', 'beta', true);

Returns the customer.

Edit a customer

$customerId = 42;
$customerData = [
    'name' => $name,
    'urlName' => 'customer',
    'accessToVersionControlSource' => false,
    'minimumAccessibleStability' => 'beta',
    'assignAllPackages' => true,
];
$customer = $client->customers()->edit($customerId, $customerData);

Returns the customer.

Delete a customer

$customerId = 42;
$client->customers()->remove($customerId);

Enable a customer

$customerId = 42;
$customer = $client->customers()->enable($customerId);

Disable a customer

$customerId = 42;
$customer = $client->customers()->disable($customerId);

List a customer's packages

$customerId = 42;
$packages = $client->customers()->listPackages($customerId);

Returns an array of customer packages.

Show a customer's package

$customerId = 42;
$package = $client->customers()->showPackage($customerId, $packageName);
$accessibleVersions = $package['versions'];

Returns a customer's package, including the versions that the customer has been granted access to.

Grant a customer access to a package or edit the limitations

$customerId = 42;
$packages = [
    [
        'name' => 'acme-website/package',
        'versionConstraint' => '^1.0 | ^2.0', // optional version constraint to limit updates the customer receives
        'expirationDate' => (new \DateTime())->add(new \DateInterval('P1Y'))->format('c'), // optional expiration date to limit updates the customer receives
        'minimumAccessibleStability' => 'beta', // optional stability to restrict customers to specific package version stabilities like alpha, beta, or RC
    ],
];
$packages = $client->customers()->addOrEditPackages($customerId, $packages);

Returns an array of all added or edited customer packages.

Revoke access to a package from a customer

You can reference the package by its ID or name.

$customerId = 42;
$packageName = 'acme-website/package';
$client->customers()->removePackage($customerId, $packageName);

Regenerate a customer's Composer repository token

$customerId = 42;
$confirmation = [
    'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$composerRepository = $client->customers()->regenerateToken($customerId, $confirmation);

Returns the edited Composer repository.

List a customer's vendor bundles

$customerId = 42;
$packages = $client->customers()->vendorBundles()->listVendorBundles($customerId);

Returns an array of customer vendor bundles.

Grant a customer access to a vendor bundle or edit the limitations

$customerId = 42;
$vendorBundleId = 12;
$expirationDate = (new \DateTime())->add(new \DateInterval('P1Y'))->format('c'), // optional expiration date to limit updates the customer receives
$packages = $client->customers()->vendorBundles()->addOrEditVendorBundle($customerId, $vendorBundleId, $expirationDate);

Returns the added or edited customer vendor bundle.

Revoke access to a vendor bundle from a customer

$customerId = 42;
$vendorBundleId = 12;
$client->customers()->vendorBundles()->removeVendorBundle($customerId, $vendorBundleId);

Vendor Bundle

List an organization's vendor bundles

$vendorBundles = $client->vendorBundles()->all();

Returns an array of vendor bundles.

Show a vendor bundle

$vendorBundleId = 42;
$vendorBundle = $client->vendorBundles()->show($vendorBundleId);

Returns a single vendor bundle.

Create a vendor bundle

$vendorBundle = $client->vendorBundles()->create('New bundle name');
// or
$vendorBundle = $client->vendorBundles()->create('New bundle name', 'dev', '^1.0', true, [123]);

Returns the vendor bundle.

Edit a customer

$vendorBundleId = 42;
$vendorBundleData = [
    'name' => 'Bundle name',
    'minimumAccessibleStability' => 'dev',
    'versionConstraint' => '^1.0',
    'assignAllPackages' => true,
    'synchronizationIds' => [123], // A list of synchronization ids for which new packages should automatically be added to the bundle.
];
$vendorBundle = $client->vendorBundles()->edit($vendorBundleId, $vendorBundleData);

Returns the vendor bundle.

Delete a vendor bundle

$vendorBundleId = 42;
$client->vendorBundles()->remove($vendorBundleId);

List packages in a vendor bundle

$vendorBundleId = 42;
$packages = $client->vendorBundles()->packages()->listPackages($vendorBundleId);

Returns an array of vendor bundle packages.

Add one or more packages to a vendor bundle or edit their limitations

$vendorBundleId = 42;
$packages = [
    [
        'name' => 'acme-website/package',
        'versionConstraint' => '^1.0 | ^2.0', // optional version constraint to limit updates the customer receives
        'minimumAccessibleStability' => 'beta', // optional stability to restrict customers to specific package version stabilities like alpha, beta, or RC
    ],
];
$packages = $client->vendorBundles()->packages()->addOrEditPackages($vendorBundleId, $packages);

Returns an array of all added or edited customer packages.

Remove a package from a vendor bundle

You can reference the package by its ID or name.

$vendorBundleId = 42;
$packageName = 'acme-website/package';
$client->vendorBundles()->packages()->removePackage($vendorBundleId, $packageName);

Subrepository

List an organization's subrepositories

$subrepositories = $client->subrepositories()->all();

Returns an array of subrepositories.

Show a subrepository

$subrepositoryName = 'subrepository';
$subrepository = $client->subrepositories()->show($subrepositoryName);

Returns a single subrepository.

Create a subrepository

$subrepository = $client->subrepositories()->create('New subrepository name');

Returns the subrepository.

Delete a subrepository

$subrepositoryName = 'subrepository';
$client->subrepositories()->remove($subrepositoryName);

List a subrepository's teams

$subrepositoryName = 'subrepository';
$teams = $client->subrepositories()->listTeams($subrepositoryName);

Returns an array of subrepositories teams.

Add a team to a subrepository or edit the permission

$subrepositoryName = 'subrepository';
$teams = [
    [
        'id' => 12,
        'permission' => 'owner',
    ],
];
$teams = $client->subrepositories()->addOrEditTeams($subrepositoryName, $teams);

Returns an array of added subrepository teams.

Remove a team from a subrepository

$subrepositoryName = 'subrepository';
$teamId = 12;
$client->subrepositories()->removeTeam($subrepositoryName, $teamId);

List a subrepository's packages

$subrepositoryName = 'subrepository';
$packages = $client->subrepositories()->packages()->all($subrepositoryName);

Returns an array of subrepositories packages.

Show a subrepository package

You can reference a package by its name or ID.

$subrepositoryName = 'subrepository';
// Either use package name:
$package = $client->subrepositories()->packages()->show($subrepositoryName, 'acme-website/package');
// Or the package ID: 
$package = $client->subrepositories()->packages()->show($subrepositoryName, 123);

Returns the package.

Create a vcs package in a subrepository

$subrepositoryName = 'subrepository';
$job = $client->subrepositories()->packages()->createVcsPackage($subrepositoryName, 'https://github.com/acme-website/package');

Returns a new job.

Create a vcs package with credentials in a subrepository

$subrepositoryName = 'subrepository';
$credentialId = 42;
$job = $client->subrepositories()->packages()->createVcsPackage($subrepositoryName,'https://github.com/acme-website/package', $credentialId);

Returns a new job.

Create a custom package in a subrepository

$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$job = $client->subrepositories()->packages()->createCustomPackage($subrepositoryName, $packageDefinition);

Returns a new job.

Create a custom package with credentials in a subrepository

$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$credentialId = 42;
$job = $client->subrepositories()->packages()->createCustomPackage($subrepositoryName, $packageDefinition, $credentialId);

Returns a new job.

Edit a vcs package in a subrepository in a subrepository

$subrepositoryName = 'subrepository';
$job = $client->subrepositories()->packages()->editVcsPackage($subrepositoryName, 'acme-website/package', 'https://github.com/acme-website/package');

Returns a new job.

Edit a custom package in a subrepository

$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$job = $client->subrepositories()->packages()->editCustomPackage($subrepositoryName, 'acme-website/package', $packageDefinition);

Returns a new job.

Delete a package from a subrepository

$subrepositoryName = 'subrepository';
$client->subrepositories()->packages()->remove($subrepositoryName, 'acme-website/package');

List all dependents of a subrepository package

$subrepositoryName = 'subrepository';
$client->subrepositories()->packages()->listDependents($subrepositoryName, 'acme-website/package');

Returns a list of packages.

List a subrepository's authentication tokens

$subrepositoryName = 'subrepository';
$tokens = $client->subrepositories()->listTokens($subrepositoryName);

Returns an array of authentication tokens.

Create a subrepository authentication token

$subrepositoryName = 'subrepository';
$data = [
  'description' => 'Subrepository Token',
  'access' => 'read',
];
$token = $client->subrepositories()->createToken($subrepositoryName, $data);

Returns the authentication token.

Delete a subrepository authentication token

$subrepositoryName = 'subrepository';
$tokenId = 33;
$client->subrepositories()->removeToken($subrepositoryName, $tokenId);

Regenerate a subrepository authentication token

$subrepositoryName = 'subrepository';
$tokenId = 33;
$confirmation = [
    'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$token = $client->subrepositories()->regenerateToken($subrepositoryName, $confirmation);

Returns the authentication token.

List a subrepository's mirrored repositories

$subrepositoryName = 'subrepository';
$mirroredRepositories = $client->subrepositories()->mirroredRepositories()->all($subrepositoryName);

Returns an array of mirrored repositories.

Show a mirrored repository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->show($subrepositoryName, $mirroredRepositoryId);

Returns the mirrored repository.

Add mirrored repositories to a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoriesToAdd = [
    ['id' => 12, 'mirroringBehavior' => 'add_on_use'],
];
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->add($subrepositoryName, $mirroredRepositoriesToAdd);

Returns a list of added mirrored repositories.

Edit the mirroring behaviour of mirrored repository in a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->create($subrepositoryName, $mirroredRepositoryId, 'add_on_use');

Returns the edited mirrored repository.

Delete a mirrored repository from a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$client->subrepositories()->mirroredRepositories()->remove($subrepositoryName, $mirroredRepositoryId);

List all mirrored packages from a mirrored repository in a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$packages = $client->subrepositories()->mirroredRepositories()->listPackages($subrepositoryName, $mirroredRepositoryId);

Returns an array of packages.

Add mirrored packages from one mirrored repository to a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$packages = [
    'acme/cool-lib
];
$jobs = $client->subrepositories()->mirroredRepositories()->addPackages($subrepositoryName, $mirroredRepositoryId, $packages);

Returns an array of jobs.

Remove all mirrored packages from one mirrored repository in a subrepository

$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$client->subrepositories()->mirroredRepositories()->removePackages($subrepositoryName, $mirroredRepositoryId);

Package

You can reference a package by its name or ID.

List an organization's packages

$filters = [
    'origin' => \PrivatePackagist\ApiClient\Api\Packages::ORIGIN_PRIVATE, // optional filter to only receive packages that can be added to customers,
    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
];
$packages = $client->packages()->all($filters);

Returns an array of packages.

Show a package

// Either use package name:
$package = $client->packages()->show('acme-website/package');
// Or the package ID: 
$package = $client->packages()->show(123);

Returns the package.

Create a vcs package

$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package');

Returns a new job.

Create a vcs package with credentials

$credentialId = 42;
$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package', $credentialId);

Returns a new job.

Create a vcs package with a specific type

$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package', null, 'git');

Returns a new job.

Create a custom package

$packageDefinition = '{...}';
$job = $client->packages()->createCustomPackage($packageDefinition);

Returns a new job.

Create a custom package with credentials

$packageDefinition = '{...}';
$credentialId = 42;
$job = $client->packages()->createCustomPackage($packageDefinition, $credentialId);

Returns a new job.

Edit a vcs package

$job = $client->packages()->editVcsPackage('acme-website/package', 'https://github.com/acme-website/package');

Returns a new job.

Edit a custom package

$packageDefinition = '{...}';
$job = $client->packages()->editCustomPackage('acme-website/package', $packageDefinition);

Returns a new job.

Delete a package

$client->packages()->remove('acme-website/package');

List all dependents of a package

$client->packages()->listDependents('acme-website/package');

Returns a list of packages.

List all customers with access to a package

Pass either package ID or package name as argument.

$client->packages()->listCustomers('acme-website/package');

Returns a list of customers with access to the package.

List all security issues of a package

$filters = [
    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN,
];
$client->packages()->listSecurityIssues('acme-website/package', $filters);

Returns a list of security issues.

Show the security monitoring config of a package

$client->packages()->showSecurityMonitoringConfig('acme-website/package');

Returns the security monitoring config of the package.

Edit the security monitoring config of a package

$config = [
    "monitorAllBranches" => false, // If set to true then monitoredBranches will be ignored and can be omitted 
    "monitoredBranches" => [
        "dev-main"
    ],
];
$client->packages()->editSecurityMonitoringConfig('acme-website/package', $config);

Returns the edited security monitoring config of the package.

Create an artifact package file

$fileName = 'package1.zip'; // your package archive artifact containing a valid composer.json in root directory
$file = file_get_contents($fileName);
$client->packages()->artifacts()->create($file, 'application/zip', $fileName);

Create an artifact package

$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$response = $client->packages()->artifacts()->create($file, 'application/zip', $fileName);
$artifactId = $response['id'];
$client->packages()->createArtifactPackage([$artifactId]);

Add an artifact file to an existing package

$packageName = 'acme/artifact';
$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$client->packages()->artifacts()->add($packageName, $file, 'application/zip', $fileName);

Update or replace artifact files of a package

// in case you want to replace the artifact file with a newly uploaded one
// 1. get current artifact ids
$result = $client->packages()->artifacts()->showPackageArtifacts('acme-website/package');
$artifactIds = array_column($result, 'id'); // [41, 42]

// 2. upload the new artifact file
$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$response = $client->packages()->artifacts()->create($file, 'application/zip', $fileName);
$newArtifactId = $response['id'];

// 3. let's say we don't want to have the artifact file id = 41 and use the newly uploaded file instead
$artifactIds = array_shift($artifactIds);
$artifactIds[] = $newArtifactId;
$client->packages()->editArtifactPackage('acme-website/package', $artifactIds);

Credential

List an organization's credentials

$credentials = $client->credentials()->all();

Returns an array of credentials.

Show a credential

$credentialId = 42;
$credential = $client->credentials()->show($credentialId);

Returns the credential.

Create a credential

$type = \PrivatePackagist\ApiClient\Api\Credentials::TYPE_HTTP_BASIC;
$credential = $client->credentials()->create('ACME http auth', $type, 'acme-website.com', 'username', 'password');

Returns the new credential.

Edit a credential

$credentialId = 42;
$type = \PrivatePackagist\ApiClient\Api\Credentials::TYPE_HTTP_BASIC;
$credential = $client->credentials()->edit($credentialId, $type, 'username', 'password');

Returns the edited credential.

Delete a credential

$credentialId = 42;
$client->credentials()->remove($credentialId);

Mirrored Repository

List an organization's mirrored repositories

$mirroredRepositories = $client->mirroredRepositories()->all();

Returns an array of mirrored repositories.

Show a mirrored repository

$mirroredRepositoryId = 42;
$mirroredRepository = $client->mirroredRepositories()->show($mirroredRepositoryId);

Returns the mirrored repository.

Create a mirrored repository

$mirroredRepository = $client->mirroredRepositories()->create('Mirrored Repository', 'https://composer.example.com', 'add_on_use', 543);

Returns the new mirrored repository.

Edit a mirrored repository

$mirroredRepositoryId = 42;
$mirroredRepository = $client->mirroredRepositories()->create($mirroredRepositoryId, 'Mirrored Repository', 'https://composer.example.com', 'add_on_use', 543);

Returns the edited mirrored repository.

Delete a mirrored repository

$mirroredRepositoryId = 42;
$client->mirroredRepositories()->remove($mirroredRepositoryId);

List all mirrored packages from one repository

$mirroredRepositoryId = 42;
$packages = $client->mirroredRepositories()->listPackages($mirroredRepositoryId);

Returns an array of packages.

Add mirrored packages from one repository

$mirroredRepositoryId = 42;
$packages = [
    'acme/cool-lib
];
$jobs = $client->mirroredRepositories()->addPackages($mirroredRepositoryId, $packages);

Returns an array of jobs.

Remove all mirrored packages from one repository

$mirroredRepositoryId = 42;
$client->mirroredRepositories()->removePackages($mirroredRepositoryId);

Job

Show a job

$job = $client->jobs()->show($jobId);

Returns the job.

Wait for a job to finish

This will periodically poll the job status until the job either finished or the maximum wait time was reached

$numberOfSecondsToWait = 180;
$jobHelper = new \PrivatePackagist\ApiClient\JobHelper($client);
try {
    $job = $jobHelper->waitForJob($jobId, $numberOfSecondsToWait);
} catch (\PrivatePackagist\ApiClient\Exception\JobTimeoutException $e) {
    // Job didn't finish within the specified time
} catch (\PrivatePackagist\ApiClient\Exception\JobErrorException $e) {
    // Job finished with an error. See the message for more information
    echo $e->getMessage();
}

Returns the job.

Security Issue

List an organization's security issues

$filters = [
    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
];
$packages = $client->securityIssues()->all($filters);

Returns an array of security issues.

Magento legacy keys

List all legacy keys for a customer

$customerId = 42;
$legacyKeys = $client->customers()->magentoLegacyKeys()->all($customerId);

Returns a list of Magento legacy keys.

Create a new legacy keys for a customer

$legacyKey = $client->customers()->magentoLegacyKeys()->create($customerId, $publicKey, $privateKey);

Returns the new Magento legacy key.

Delete a legacy keys from a customer

$client->customers()->magentoLegacyKeys()->remove($customerId, $publicKey);

Validate incoming webhook payloads

When you create or update a webhook in Private Packagist an optional secret can be set. This secret gets used to create a signature which is sent with each request in the headers as Packagist-Signature. The secret and signature can then be used on your server to validate that the request was made by Private Packagist. If no secret is set then no signature is sent.

$request = /** any Psr7 request */;
$secret = 'webhook-secret';
$webhookSignature = new \PrivatePackagist\ApiClient\WebhookSignature($secret);
$requestSignature = $request->hasHeader('Packagist-Signature') ? $request->getHeader('Packagist-Signature')[0] : null;
$webhookSignature->validate($requestSignature, (string) $request->getBody());

License

private-packagist/api-client is licensed under the MIT License