Skip to main content

PHP SDK

The zeridion/flare-php package is published on Packagist. Zero third-party dependencies — uses curl directly, no Guzzle / Symfony HTTP coupling.

composer require zeridion/flare-php

Requires: PHP 8.2+, ext-curl, ext-json.

Quick start

use Zeridion\Flare\FlareClient;

$client = new FlareClient(apiKey: 'zf_live_sk_...');
// Or, with FLARE_API_KEY set in the environment:
// $client = new FlareClient();

$job = $client->createJob([
'job_type' => 'SendWelcomeEmail',
'payload' => ['email' => 'alice@example.com'],
'queue' => 'default',
]);

echo $job['id'], ' ', $job['state']; // "job_abc123 pending"

Client construction

$client = new FlareClient(
apiKey: 'zf_live_sk_...',
baseUrl: 'https://api.zeridion.com', // override for dev / staging
maxRetries: 3, // 0 to disable retries
retryBaseDelayMs: 500,
retryMaxDelayMs: 30000,
timeoutSeconds: 30.0,
maxResponseBytes: 10 * 1024 * 1024, // 10 MiB cap (0 disables)
);

Every public method accepts optional idempotencyKey and requestId named arguments, sent as the Idempotency-Key and X-Request-Id headers.

Typed error hierarchy

ClassHTTPWhen it fires
FlareExceptionBase class for every SDK exception
AuthException401Missing / invalid / revoked API key
QuotaException402Billing state blocked — subscription past_due / unpaid / cancelled
NotFoundException404Resource doesn't exist
ConflictException409Idempotency or invalid-state conflict
RateLimitException429Inspect $ex->retryAfter, $ex->limit, $ex->remaining

Webhook verification

Webhook::verify validates the X-Zeridion-Signature header on outbound webhook deliveries. Pass the raw request body — re-encoding parsed JSON invalidates the signature.

use Zeridion\Flare\Webhook;

$payload = file_get_contents('php://input');
$header = $_SERVER['HTTP_X_ZERIDION_SIGNATURE'] ?? '';

if (!Webhook::verify($payload, $header, $webhookSecret, toleranceSeconds: 300)) {
http_response_code(400);
exit;
}

// Safe to process the event.

toleranceSeconds enables replay protection — deliveries whose signature timestamp drifts more than that many seconds from the current time are rejected (recommended: 300; default null = no timestamp check). The helper verifies against every v1= digest in the header, so it keeps working through a secret rotation with no receiver change.

Feature parity

See the SDK overview for the full feature-parity matrix across all 7 official SDKs (.NET, TypeScript / JS, Python, Go, Java, PHP, Ruby).

Source

github.com/zeridion/flare-php

See also

  • SDK overview — feature parity across all 7 official SDKs
  • Jobs API — wire-level reference for the endpoints this SDK wraps
  • Errors — status codes and error envelopes used by every SDK