Here's a quick example on how to use sodium_crypto_auth(); where you have a message that you want to sign, so anyone who can access the *shared* key can confirm that the message hasn't been tampered with.
This is similar to sodium_crypto_sign_detached(), but both signer and verifier have access to the same key.
<?php
$key = sodium_crypto_auth_keygen();
$message = 'Hello';
$signature = sodium_crypto_auth($message, $key);
$message_valid = sodium_crypto_auth_verify($signature, $message, $key);
if (!$message_valid) {
exit('Message has been changed.');
}
?>