PHP
Verify Syncanix agent intents in PHP — Laravel and Symfony — with a local HMAC check on every tool call.
The PHP SDK provides Laravel middleware and a Symfony event subscriber over a shared VerifyIntent core. Guard your tool routes and read the decoded payload from the request attributes.
Install
Add the package to your project with your language's package manager.
composer require syncanix/sdk-phpConfigure the secret
The SDK verifies intents with your tenant's intent-signing secret. Store it as an environment variable — never commit it to source control — and load it where you register the SDK.
export SYNCANIX_SECRET="your-intent-signing-secret"Verify intents
Register the SDK on the routes that expose agent actions. It verifies the X-Syncanix-Intent header before your handler runs, rejects any invalid or replayed call with a 403, and hands your handler the verified payload — including the acting tenant and user.
Route::middleware(SyncanixIntentMiddleware::class . ':' . env('SYNCANIX_SECRET'))
->group(function () {
Route::post('/tools/refund', function (Request $request) {
$intent = $request->attributes->get('syncanix_intent');
return response()->json(['tenantId' => $intent->tenantId]);
});
});