PHP Reddit – Telegram
Channel to sync with /r/PHP /r/Laravel /r/Symfony. Powered by awesome @r_channels and @reddit2telegram
improve the experience.

**Signature verification SDK**: I sign requests, but I could provide verification helpers in common languages to reduce integration friction.

# Security Checklist

For anyone building a similar system:

* [ ] SSRF protection with DNS resolution validation
* [ ] HTTPS enforcement in production
* [ ] Cryptographically secure secret generation (32+ bytes)
* [ ] HMAC signatures with constant-time comparison
* [ ] Timestamp validation for replay prevention (5-minute window)
* [ ] Request timeout to prevent hanging (30 seconds)
* [ ] No sensitive data in error messages or logs
* [ ] Complete audit logging for debugging and compliance
* [ ] Input validation on all user-provided configuration
* [ ] Automatic endpoint disabling on 410 Gone

# Conclusion

Webhooks seem simple until you think about security, reliability, and maintainability. The naive "POST JSON to URL" approach fails in production.

My key decisions:

1. **Standard Webhooks specification** for interoperability and security
2. **Multi-layer SSRF protection** including DNS resolution validation
3. **Exponential backoff** following industry-standard timing
4. **Registry pattern** for painless extensibility
5. **Type-safe DTOs** for maintainability
6. **Complete delivery tracking** for debugging and compliance

The foundation handles not just webhooks, but any integration type I'll add. Same event system, same job dispatcher, same retry logic, same audit trail—just implement the interface.

Build for production from day one. Your future self will thank you.

https://redd.it/1pkr2ie
@r_php
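
Added example, not part of the original post or its author's code: a receiver-side verification helper of the kind the post's "Signature verification SDK" item describes, combining the checklist's HMAC, constant-time comparison and 5-minute timestamp window. It follows the Standard Webhooks conventions (`webhook-id`, `webhook-timestamp`, `webhook-signature` headers, `whsec_`-prefixed base64 secret, `v1,<base64>` signatures over `id.timestamp.body`); the function name `verifyWebhook`, the lowercase header array and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

const TOLERANCE_SECONDS = 300; // 5-minute replay window from the checklist

// Hypothetical helper: $headers is assumed to be keyed by lowercase header name.
function verifyWebhook(string $secret, array $headers, string $rawBody, ?int $now = null): bool
{
    $id        = (string) ($headers['webhook-id'] ?? '');
    $timestamp = (string) ($headers['webhook-timestamp'] ?? '');
    $sigHeader = (string) ($headers['webhook-signature'] ?? '');
    if ($id === '' || $sigHeader === '' || !ctype_digit($timestamp)) {
        return false;
    }
    // Replay protection: reject timestamps outside the window in either direction.
    if (abs(($now ?? time()) - (int) $timestamp) > TOLERANCE_SECONDS) {
        return false;
    }
    // Standard Webhooks secrets are base64 with a "whsec_" prefix.
    $b64 = str_starts_with($secret, 'whsec_') ? substr($secret, 6) : $secret;
    $key = base64_decode($b64, true);
    if ($key === false || $key === '') {
        return false;
    }
    // Sign the raw body exactly as received; re-encoding the JSON changes the bytes.
    $mac      = hash_hmac('sha256', "{$id}.{$timestamp}.{$rawBody}", $key, true);
    $expected = base64_encode($mac);
    $valid    = false;
    // The header may carry several space-separated "v1,<base64>" values (key rotation).
    foreach (explode(' ', $sigHeader) as $candidate) {
        [$version, $sig] = array_pad(explode(',', $candidate, 2), 2, '');
        if ($version === 'v1' && hash_equals($expected, $sig)) { // constant-time compare
            $valid = true;
        }
    }
    return $valid;
}

// Constructed sample data, not taken from the post.
$secret  = 'whsec_' . base64_encode(random_bytes(32));
$body    = '{"type":"order.created","data":{"id":42}}';
$now     = time();
$key     = base64_decode(substr($secret, 6));
$sig     = 'v1,' . base64_encode(hash_hmac('sha256', "msg_1.{$now}.{$body}", $key, true));
$headers = ['webhook-id' => 'msg_1', 'webhook-timestamp' => (string) $now, 'webhook-signature' => $sig];

var_dump(verifyWebhook($secret, $headers, $body));             // untouched delivery
var_dump(verifyWebhook($secret, $headers, $body . ' '));       // body altered in transit
var_dump(verifyWebhook($secret, $headers, $body, $now + 600)); // replayed after the window
```

The receiver has to pass the raw request body to the helper before any JSON decoding, since the signature covers the exact bytes that were sent.
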
Bumping Slim framework from 2 to 3

In case you are stuck on Slim 2 and want to move to Slim 3, maybe this could be helpful for you.

I just wrote an article on how you could move to Slim 3; you can check it out here

I hope it can help you with some ideas on how to move forward.



https://redd.it/1pkwdr8
@r_php
Two methods vs one to fetch data

What is your preferred way of handling situations like when you need to fetch multiple records from the database using Doctrine DBAL and already have a method to fetch one. Do you make the one method hybrid,
```php
function getbyID(int|array $id) {
    # if int, add this param
    # if array, add array param IN()
}
```

Less code but mixed.

Or do you make it separated? More code but clearer methods?
```php
function getById(int $myid) {...}
function getByIds(array $idlist) {...}
```

Which one you use and why? Following best practices and of course, having compromises sometimes.

https://redd.it/1plpys5
@r_php
Weekly /r/Laravel Help Thread

Ask your Laravel help questions here. To improve your chances of getting an answer from the community, here are some tips:

What steps have you taken so far?
What have you tried from the documentation?
Did you provide any error messages you are getting?
Are you able to provide instructions to replicate the issue?
Did you provide a code example?
Please don't post a screenshot of your code. Use the code block in the Reddit text editor and ensure it's formatted correctly.

For more immediate support, you can ask in the official Laravel Discord.

Thanks and welcome to the r/Laravel community!

https://redd.it/1pmkh1s
@r_php
What's your go-to approach for structuring large Laravel projects?

Hey fellow Laravel devs! 👋

I’ve been working on some fairly large projects lately and I keep running into the same challenge:
“How do I structure my Laravel apps so that they stay maintainable as they grow?”

Some things I’ve experimented with:
- Modular folder structure for features
- Service Providers for reusable logic
- Domain-driven design patterns in Laravel

I’d love to hear from you:
- How do you organize large Laravel projects?
- Any tricks or best practices for keeping code clean and scalable?
- Packages or tools you swear by for project organization?

Sharing some real-life examples would be amazing!
Let’s make it easier for the community to handle big Laravel apps.

Thanks in advance for your insights! 🙌

https://redd.it/1pmnfxh
@r_php
Weekly Ask Anything Thread

Feel free to ask any questions you think may not warrant a post. Asking for help here is also fine.

https://redd.it/1pmy6u1
@r_php
Weekly help thread

Hey there!

This subreddit isn't meant for help threads, though there's one exception to the rule: in this thread you can ask anything you want PHP related, someone will probably be able to help you out!

https://redd.it/1pn12c6
@r_php
Curious: How does your team test feature branches before merging to dev/staging?

I'm working on a Laravel project with a separate React frontend and we've been struggling with how to let the team (and clients) test features before they hit staging.

Right now we either deploy to a shared staging server (messy, conflicts) or run everything locally to demo (painful for non-technical stakeholders).

Curious how other teams handle this:

* Do you spin up environments per branch/PR?
* If yes, what's your setup? (Docker, k8s, some service?)
* If no, what do you do instead?

Especially interested if you're dealing with microservices or separate frontend/backend repos.

https://redd.it/1pn5bjj
@r_php
I built a Laravel installer because shared hosting setup is still painful

Laravel is great, but the first 30 minutes still suck — especially on shared hosting.

.env issues, DB config errors, missing extensions, wrong permissions…

I kept seeing the same problems again and again.

So I built an open-source Laravel installer that:

- checks server requirements
- validates DB credentials
- guides setup through a simple installer UI
- works without assuming full CLI access

It’s still early and I’m looking for real feedback more than stars.

Repo: https://github.com/ajithjojo/getecz-laravel-installer

What would you change or add?

https://redd.it/1pnf6hx
@r_php
Career Changer Strategy: Focusing on Backend/Logic & using AI for UI/Design. Is this a future-proof path for freelancing?

Hi everyone,

I am currently a career changer ("Umschüler" in Germany) doing my internship at an E-Commerce agency. I'm building my roadmap for a future mix of part-time employment and freelancing.

I realized I love the logical side of things (Databases, Backend, Docker, JS-Functionality) but I hate "pixel-pushing" and trying to pick the perfect colors.

My Plan:
The Stack: HTML, CSS, JS, PHP, MySQL, Docker. (I plan to learn React/Frameworks later, but want to master the basics first).

The Workflow: I use AI to handle the "Design" part (CSS, Layouts, UI components). I understand the generated code (Grid, Flexbox, Responsive), so I can debug it, but I don't want to study design theory.

The Product: I want to move away from "Brochure Websites" (high competition, low pay) and focus on building Web Apps, PWAs, and B2B Tools for small/mid-sized businesses. I feel like solving actual business problems (saving time/money) pays better than just "looking good".

My Questions for you:
Is this a solid Freelance strategy? Can I market myself as a Fullstack Dev if I rely on AI for the visual heavy lifting, while I ensure the Logic/Security/Backend is rock solid?
PHP vs Node: In the German market, I see a lot of demand for PHP (Shopware, custom tools) in the SMB sector. Is sticking with PHP + Docker a safe bet for stable income, or is the pressure to switch to Node.js unavoidable?

Future Proofing: Do you agree that "Logic/Problem Solving" is harder to replace by AI than "CSS/Design", making this path safer long-term?

Thanks for your honest feedback!

https://redd.it/1pnuudg
@r_php