Apple News API PHP Client

Authenticator
in package

FinalYes

Handles HMAC-SHA256 authentication for Apple News API requests.

Apple News uses a custom HMAC authentication scheme (HHMAC) where requests are signed using the API secret key. The signature is computed from a canonical string including the method, URL, date, and optionally the body for POSTs.

Tags
see
https://developer.apple.com/documentation/applenewsapi

Table of Contents

Constants

DATE_FORMAT  = 'Y-m-d\TH:i:s\Z'
HASH_ALGORITHM  = 'sha256'

Properties

$keyId  : string
$keySecret  : string

Methods

__construct()  : mixed
getKeyId()  : string
Get the configured API Key ID.
sign()  : array{authorization: string, date: string}
Generate the Authorization header and date for a request.
buildCanonicalRequest()  : string
Build the canonical request string used as input for the HMAC hash.
createSignature()  : string
Create the HMAC-SHA256 signature from the canonical request.

Constants

Properties

Methods

__construct()

public __construct(string $keyId, string $keySecret) : mixed
Parameters
$keyId : string

The API Key ID provided by Apple.

$keySecret : string

The API Secret provided by Apple (Base64 encoded).

getKeyId()

Get the configured API Key ID.

public getKeyId() : string
Return values
string

sign()

Generate the Authorization header and date for a request.

public sign(string $method, string $url[, string|null $contentType = null ][, string|null $body = null ][, DateTimeInterface|null $date = null ]) : array{authorization: string, date: string}
Parameters
$method : string

HTTP method (GET, POST, DELETE, etc.)

$url : string

The full request URL including protocol and query params.

$contentType : string|null = null

Required for POST requests (e.g., application/json or multipart/form-data).

$body : string|null = null

Required for POST requests. The raw body content to sign.

$date : DateTimeInterface|null = null

The date for the signature. Defaults to current UTC time.

Tags
throws
InvalidArgumentException

if the secret key cannot be decoded.

Return values
array{authorization: string, date: string}

Returns the header value and the date string used.

buildCanonicalRequest()

Build the canonical request string used as input for the HMAC hash.

private buildCanonicalRequest(string $method, string $url, string $date, string|null $contentType, string|null $body) : string

For GET/DELETE: method + url + date For POST: method + url + date + content-type + body

Parameters
$method : string

Uppercase HTTP method.

$url : string

Full request URL.

$date : string

ISO 8601 date string.

$contentType : string|null

Content type string.

$body : string|null

Raw body content.

Return values
string

createSignature()

Create the HMAC-SHA256 signature from the canonical request.

private createSignature(string $canonicalRequest) : string
Parameters
$canonicalRequest : string

The string to hash.

Tags
throws
InvalidArgumentException

if the secret is not valid Base64.

Return values
string

Base64 encoded signature.


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results