Skip to the content.

Laravel easy sequential ID obfuscation

← back

When you use sequential IDs / auto-increment IDs in URLs, you are giving away some sensitive information about your application.

Which allows visitors to:

Read more Auto-Incrementing IDs: Giving your Data Away

Why this package

Yes, there are many solutions available. This package uses jenssegers/optimus for encoding and decoding and it is super fast. And the package provides everything you need:

Install via composer

$ composer require apichef/laravel-obfuscate


The only thing you have to do is using the the Obfuscatable trait in you model class.

namespace App;

use Illuminate\Database\Eloquent\Model;
use ApiChef\Obfuscate\Obfuscatable;

class Post extends Model
    use Obfuscatable;

    // ...

Route model bilding

Route::get('/posts/{post}', function (Post $post) {
    return $post;

Generate the URL to a named route.

$post = Post::find(1);

echo(route('', $post));

// https://my-app.test/api/posts/458047115


Sometimes you need to validate whether a record is available in the database for the given ID. For that package provides HashExists rule class.

namespace App\Http\Requests;

use ApiChef\Obfuscate\Rules\HashExists;
use Illuminate\Foundation\Http\FormRequest;

class PostStoreRequest extends FormRequest
    // ...
    public function rules()
        return [
            'post_id' => [
                new HashExists('posts', 'id')


Sometime you might need to encode an auto-increment ID and vice versa. For that you can use Obfuscate facade.

use ApiChef\Obfuscate\Support\Facades\Obfuscate;

$result = Obfuscate::encode(1);
// 458047115

$result = Obfuscate::encode([1, 2]);
// [458047115, 2033899500]

$result = Obfuscate::decode('458047115');
// 1

$result = Obfuscate::decode([458047115, 2033899500]);
// [1, 2]

← back