Looking to hire Laravel developers? Try LaraJobs

laravel-encrypted-responses maintained by heliip

Description
Laravel middleware to encrypt API responses using Laravel Crypt with optional compressed payloads.
Author
Heliip
Last update
2026/06/10 07:03 (dev-produccion)
License
MIT
Links
Homepage - GitHub - Packagist
Downloads
16
Tags
api - response - middleware - encryption - laravel

dev-produccion

Last update
2026/06/10 07:03
License
MIT
Require
  • php ^8.3
  • ext-json *
  • ext-zlib *
  • illuminate/contracts ^13.0
  • illuminate/encryption ^13.0
  • illuminate/http ^13.0
  • illuminate/support ^13.0
  • symfony/http-foundation ^7.4|^8.0
v1.0.0

Last update
2026/06/10 07:03
License
MIT
Require
  • php ^8.3
  • ext-json *
  • ext-zlib *
  • illuminate/contracts ^13.0
  • illuminate/encryption ^13.0
  • illuminate/http ^13.0
  • illuminate/support ^13.0
  • symfony/http-foundation ^7.4|^8.0
Comments
comments powered by Disqus

Heliip Laravel Encrypted Responses

Laravel package for encrypting API responses with Laravel's Crypt service.

Requirements

  • PHP 8.3 or higher
  • Laravel 13
  • PHP extensions: json, zlib

Installation

composer require heliip/laravel-encrypted-responses
php artisan vendor:publish --tag=encrypted-responses-config

Usage

Enable automatic registration for the api middleware group:

ENCRYPT_RESPONSES_AUTO_REGISTER=true

Or register the middleware manually in bootstrap/app.php:

use Heliip\LaravelEncryptedResponses\Http\Middleware\EncryptResponse;
use Illuminate\Foundation\Configuration\Middleware;

->withMiddleware(function (Middleware $middleware) {
    $middleware->api(append: [
        EncryptResponse::class,
    ]);
})

For specific routes, use the middleware alias:

Route::middleware('encrypt.responses')->get('/profile', ProfileController::class);

Configuration

The configuration file is published to config/encrypted-responses.php.

Common environment variables:

ENCRYPT_RESPONSES_ENABLED=true
ENCRYPT_RESPONSES_AUTO_REGISTER=false
ENCRYPT_RESPONSES_JSON_ENCODED_COMPRESSED_PAYLOAD=true
ENCRYPT_RESPONSES_COMPRESS=true
ENCRYPT_RESPONSES_COMPRESSION_LEVEL=9
ENCRYPT_RESPONSES_OUTPUT=raw
ENCRYPT_RESPONSES_CONTENT_TYPE=text/plain

ENCRYPT_RESPONSES_OUTPUT=raw returns the encrypted string as the response body.

ENCRYPT_RESPONSES_OUTPUT=json returns:

{"payload":"encrypted-value"}

Payload Format

With ENCRYPT_RESPONSES_JSON_ENCODED_COMPRESSED_PAYLOAD=true, payloads are encoded as:

Crypt::encryptString(json_encode(base64_encode(gzcompress(json_encode($data), 9))))

Exclusions

The middleware skips:

  • Binary file responses
  • Streamed responses
  • Empty responses such as 204 and 304
  • Excluded paths and route names
  • Excluded content types such as images, video, PDF, and ZIP

To skip encryption for a single request:

X-Skip-Response-Encryption: 1

Manual Encryption

use Heliip\LaravelEncryptedResponses\Facades\EncryptedResponse;

$encrypted = EncryptedResponse::encrypt(['ok' => true]);

Testing

composer test

License

The MIT License (MIT). See LICENSE.md.