1. 3

Sapient uses libsodium to encrypt or sign HTTP message bodies. It works either client-side or server-side, on requests or responses.


  • Symmetric-key
    • Encryption (XChaCha20-Poly1305)
    • Authentication (HMAC-SHA512-256)
  • Public-key
    • Sealing (X25519 + BLAKE2b + XChaCha20-Poly1305)
    • Signing (Ed25519)

If libsodium is not available (it currently has to be installed via PECL), sodium_compat will polyfill these features.

It works on PSR-7 interfaces, but for framework-specific adoption, we’ve created a few Sapient adapters and creating your own is relatively straightforward.