Skip to main content

Routing

Introduction

Liap provides a POST endpoint liap.serverNotifications to receive the Server notifications from different providers. This route uses a query variable provider to define the service provider.

ProviderURIQuery Value
Google Play/liap/notifications?provider=google-playgoogle-play
App Store/liap/notifications?provider=app-storeapp-store

You can add custom configurations to this endpoint through the routing key in the config file liap.php. For instance, you can assign a middleware or add a custom route prefix.

config/liap.php
[
    'routing' => [
        'signed' => false,
        'middleware' => 'my_middleware',
        'prefix' => 'my_prefix'
    ],

    // .. Other configurations are trimmed
]

Generate a signed URL

In order to set up the server notifications, the service provider asks you to provide a URL to receive the server notifications. LIAP allows you to easily create a "signed" URL which have a "signature" hash appended to the query string. This allows LIAP/Laravel to verify that the URL has not been modified since it was created.

You can generate them using the following composer command:

php artisan liap:url

It will ask for the provider:

Select provider:
  [0] All Providers
  [1] App Store
  [2] Google Play
 >

If you didn't enable signed URLs, it will ask for your confirmation to generate signed URLs:

Select provider:
  [0] All Providers
  [1] App Store
  [2] Google Play
 > 0

 Signed routes are disabled. Do you want to generate signed routes? (yes/no) [no]:
 > yes

Based on your answers, it will generate a table with the following columns:

+-------------+--------------------------------------------------------------------------------+
| Provider    | URL                                                                            |
+-------------+--------------------------------------------------------------------------------+
| App Store   | http://localhost/liap/notifications?signature=<signature>&provider=app-store   |
| Google Play | http://localhost/liap/notifications?signature=<signature>&provider=google-play |
+-------------+--------------------------------------------------------------------------------+

The generated URLs will be used to receive the server notifications.

Validating a signed route requests

In order to verify that an incoming request has a valid signature, you should set the routing.signed key to true.

config/liap.php
[
    'routing' => [
        'signed' => true, // This is false by default
    ],

    // .. Other configurations are trimmed
]

If the incoming request does not have a valid signature, the middleware will automatically return a 403 HTTP response.