README

Reusable Laravel package for running the Sendity API in a Laravel runtime.

composer require sendity/laravel-server

Boundary

This is a PHP/Laravel package. It is not the public Sendity website and it does not own Docker-era hosted-app wiring.

It owns:

• AuthRequest creation and status endpoints.
• inbound channel webhook endpoints:
  • email receives raw message/rfc822 bodies and delegates DKIM/MIME/code extraction to sendity/email-channel;
  • non-email channels continue to use their package-specific JSON adapters.
• webhook signature and replay validation.
• JWT issuing and JWKS publication.
• realtime/broadcasting auth metadata for AuthRequest status updates.

It intentionally does not own:

• the <x-sendity /> Blade wrapper for customer applications;
• browser UI defaults such as SENDITY_CLIENT_SCRIPT_URL or SENDITY_VERIFY_URLS;
• the hosted marketing/customer website;
• Docker/Traefik deployment manifests.

Compatibility

• PHP: >=8.2
• Laravel components: ^12.0|^13.0
• Testbench: ^10.0|^11.0

Important environment variables

SENDITY_ROUTE_PREFIX=sendity
SENDITY_JWT_ALGORITHM=RS256
SENDITY_JWT_PRIVATE_KEY_BASE64=
SENDITY_JWT_PUBLIC_KEY_BASE64=
SENDITY_JWT_ISSUER=https://sendity.io
SENDITY_DEFAULT_TOKEN_TTL=600
SENDITY_AUTH_REQUEST_TTL=300
SENDITY_WEBHOOK_SECRET=
SENDITY_EMAIL_MAX_MESSAGE_BYTES=262144
SENDITY_EMAIL_MAX_EXTRACTED_CODES=5
SENDITY_BROADCASTING_ENABLED=true

TTL values are application configuration. They are not accepted as client request payload fields.

Hosted sendity.io currently exposes this package through the website Laravel process under /api/sendity/*. A direct self-hosted runtime can use the package default /sendity/* prefix or configure another prefix.