Docs LATEST

WebCron Endpoint

Trigger the scheduler via HTTP when system cron isn't available.

Scheduling

Some hosting environments don't provide cron access. WebCron lets you trigger the scheduler via an HTTP request instead.

Enabling WebCron #

Set cron_enabled in config/app.php or user/config/app.php:

return [
    'cron_enabled' => true,
];

The Endpoint #

Once enabled, the scheduler runs when you hit:

GET /system/cron

The endpoint returns a simple JSON response:

{"status": "ok", "tasks_run": 2}

Triggering from External Services #

Use an uptime monitoring service or external cron service to hit the endpoint every minute:

  • UptimeRobot - Set up a monitor with 1-minute checks
  • cron-job.org - Free external cron service
  • Pingdom - Use as a scheduled job
  • Your own server - Cron on a different machine

Example curl command:

curl -s https://yoursite.com/system/cron

Security Considerations #

The WebCron endpoint can be abused if left unprotected. Anyone who discovers the URL can trigger your scheduled tasks repeatedly.

IP Allowlisting #

Restrict access to known IPs in your web server config:

Nginx:

location = /system/cron {
    allow 123.45.67.89;    # Your cron service IP
    allow 10.0.0.0/8;      # Internal network
    deny all;
    try_files $uri /index.php$is_args$args;
}

Apache (.htaccess):

<Location /system/cron>
    Require ip 123.45.67.89
    Require ip 10.0.0.0/8
</Location>

Secret Token #

Add a secret parameter and validate it in middleware:

// In config
'cron_secret' => env('CRON_SECRET', 'your-secret-token'),

// Call with token
curl https://yoursite.com/system/cron?token=your-secret-token

Rate Limiting #

Apply the throttle middleware to prevent abuse:

$router->get('/system/cron', [CronController::class, 'run'])
    ->middleware('throttle:1,1');  // 1 request per minute

When to Use WebCron #

Use WebCron when:

  • Shared hosting without cron access
  • Serverless environments
  • Quick testing during development

Prefer system cron when:

  • You have server access
  • Tasks are time-sensitive
  • High reliability is needed

System cron is more reliable-it runs regardless of HTTP traffic or server load. WebCron depends on external services and your web server being responsive.

Alternatives #

If your host supports scheduled tasks but not traditional cron:

  • Laravel Forge - Has a scheduler UI
  • Heroku - Use Heroku Scheduler add-on
  • Platform.sh - Built-in cron support

These run php velvet schedule:run directly, which is preferable to WebCron.

← Previous Task Scheduling Next → Security Features