diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f8025246..0639f45a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,6 +26,22 @@ jobs:
         with:
           python-version: ${{ inputs.python-version || '3.11' }}
       
+      - name: Set up PHP with Composer
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer:v2
+      
+      - name: Install PHP V2 dependencies
+        working-directory: ./test-server/php-v2-server
+        shell: bash
+        run: composer install
+
+      - name: Install PHP V3 dependencies
+        working-directory: ./test-server/php-v3-server
+        shell: bash
+        run: composer install
+      
       # Cache uv dependencies
       - name: Cache uv dependencies
         uses: actions/cache@v3
diff --git a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java
index 535e4d8d..5b9eb535 100644
--- a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java
+++ b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java
@@ -68,11 +68,15 @@ public class RoundTripTests {
         serverList.add(new LanguageServerTarget("Java-V3", "8080"));
         serverList.add(new LanguageServerTarget("Python-V3", "8081"));
         serverList.add(new LanguageServerTarget("Go-V3", "8082"));
+        serverList.add(new LanguageServerTarget("PHP-V2", "8087"));
+        serverList.add(new LanguageServerTarget("PHP-V3", "8093"));
 
         serverMap = new HashMap<>(14);
         serverMap.put("Java-V3", new LanguageServerTarget("Java-V3", "8080"));
         serverMap.put("Python-V3", new LanguageServerTarget("Python-V3", "8081"));
         serverMap.put("Go-V3", new LanguageServerTarget("Go-V3", "8082"));
+        serverMap.put("PHP-V2", new LanguageServerTarget("PHP-V2", "8087"));
+        serverMap.put("PHP-V3", new LanguageServerTarget("PHP-V3", "8093"));
     }
 
     // These S3EC implementations do not validate encryption context provided to getObject (i.e. on decrypt).
@@ -80,7 +84,7 @@ public class RoundTripTests {
     // these implementations will not raise an error as expected.
     // For now, skip tests that expect encryption context validation on decrypt.
     private static final Set<String> ENCRYPTION_CONTEXT_ON_DECRYPT_UNSUPPORTED =
-        Set.of("Go-V3");
+        Set.of("Go-V3", "PHP-V2", "PHP-V3");
 
     static public class LanguageServerTarget {
         public String getLanguageName() {
diff --git a/test-server/php-v2-server/.gitignore b/test-server/php-v2-server/.gitignore
new file mode 100644
index 00000000..07108589
--- /dev/null
+++ b/test-server/php-v2-server/.gitignore
@@ -0,0 +1,4 @@
+vendor/*
+cookies.txt
+server.pid
+composer.lock
\ No newline at end of file
diff --git a/test-server/php-v2-server/Makefile b/test-server/php-v2-server/Makefile
new file mode 100644
index 00000000..6962ce5e
--- /dev/null
+++ b/test-server/php-v2-server/Makefile
@@ -0,0 +1,24 @@
+# Makefile for S3 Encryption Client Testing
+
+.PHONY: start-server stop-server wait-for-server
+
+PID_FILE := server.pid
+PORT := 8087
+
+start-server:
+	@echo "Starting PHP V2 server..."
+	AWS_ACCESS_KEY_ID="$$AWS_ACCESS_KEY_ID" \
+	AWS_SECRET_ACCESS_KEY="$$AWS_SECRET_ACCESS_KEY" \
+	AWS_SESSION_TOKEN="$$AWS_SESSION_TOKEN" \
+	AWS_REGION="us-west-2" \
+	composer run start & echo $$! > $(PID_FILE)
+	@echo "PHP V2 server starting..."
+
+stop-server:
+	@if [ -f $(PID_FILE) ]; then \
+		kill $$(cat $(PID_FILE)) 2>/dev/null || true; \
+		rm $(PID_FILE); \
+	fi
+
+wait-for-server:
+	$(MAKE) -C .. wait-for-port PORT=$(PORT)
diff --git a/test-server/php-v2-server/README.md b/test-server/php-v2-server/README.md
new file mode 100644
index 00000000..c4ba49fe
--- /dev/null
+++ b/test-server/php-v2-server/README.md
@@ -0,0 +1,69 @@
+# S3EC PHP v2 Test Server
+
+This is the PHP V2 implementation of the S3ECTestServer framework. It provides a server implementation for testing S3 Encryption Client functionality.
+
+## Overview
+
+The S3ECPhpV2TestServer implements the S3ECTestServer service defined in the shared Smithy model. It provides endpoints for:
+
+- Creating S3 Encryption Clients with session-based caching
+- Putting objects with encryption
+- Getting and decrypting objects
+
+## Starting the Server
+
+### Method 1: Using Composer (Recommended)
+```bash
+composer run start
+```
+
+The server will start on port `8087`.
+
+## Available Endpoints
+
+### Server Status
+- **GET /** - Returns server status and available endpoints
+
+### Client Management
+- **POST /client** - Creates an S3EncryptionClient and caches it with session persistence
+- **GET /cache** - Shows current session state and cached clients (for debugging)
+
+### Object Operations
+- **GET /object/{bucket}/{key}** - Handle GET requests using the S3EncryptionClient
+- **PUT /object/{bucket}/{key}** - Handle PUT requests using the S3EncryptionClient
+
+## Testing with curl
+
+### Important: Session Cookie Management
+
+To properly test the server and maintain session persistence, you **must** use cookies with curl:
+
+#### First Request (creates session cookie):
+```bash
+curl -X POST http://localhost:8087/client \
+  -H "Content-Type: application/json" \
+  -c cookies.txt \
+  -v
+```
+
+#### Subsequent Requests (reuses session cookie):
+```bash
+curl -X POST http://localhost:8087/client \
+  -H "Content-Type: application/json" \
+  -b cookies.txt \
+  -c cookies.txt \
+  -v
+```
+
+#### Check Cache Status:
+```bash
+curl http://localhost:8087/cache \
+  -b cookies.txt
+```
+
+#### Helpful Notes
+- **Session Storage**: Client configurations are stored in `$_SESSION['s3ecCache']`
+- **Object Recreation**: AWS SDK objects are recreated from stored configuration (they cannot be serialized)
+AWS SDK obbjects cannot be serialized due to internal resources and closures.
+- **Helper Function**: `getCachedClient($clientId)` retrieves and recreates clients from cache
+- **Debugging**: Enhanced logging and `/cache` endpoint for troubleshooting
diff --git a/test-server/php-v2-server/composer.json b/test-server/php-v2-server/composer.json
new file mode 100644
index 00000000..e9c399ac
--- /dev/null
+++ b/test-server/php-v2-server/composer.json
@@ -0,0 +1,24 @@
+{
+    "name": "aws/s3ec-php-v2-test-server",
+    "description": "PHP v2 implementation of the S3EC Test Server framework",
+    "type": "project",
+    "license": "Apache-2.0",
+    "require": {
+        "php": ">=7.4",
+        "aws/aws-sdk-php": "^3.356",
+        "ramsey/uuid": "^4.9"
+    },
+    "autoload": {
+        "psr-4": {
+            "S3EC\\PhpV2Server\\": "src/"
+        }
+    },
+    "scripts": {
+        "start": [
+            "php -S 0.0.0.0:8087 src/index.php"
+        ]
+    },
+    "config": {
+        "optimize-autoloader": true
+    }
+}
\ No newline at end of file
diff --git a/test-server/php-v2-server/src/client.php b/test-server/php-v2-server/src/client.php
new file mode 100644
index 00000000..44fe1b39
--- /dev/null
+++ b/test-server/php-v2-server/src/client.php
@@ -0,0 +1,68 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+use Ramsey\Uuid\Uuid;
+
+function handleCreateClient()
+{
+    // Get the raw request body
+    $rawBody = file_get_contents('php://input');
+
+    // Parse JSON if the body contains JSON
+    $requestData = json_decode($rawBody, true);
+    if (json_last_error() !== JSON_ERROR_NONE) {
+        return GenericServerError("Invalid JSON in request body", 400);
+    }
+    $configData = $requestData['config'] ?? [];
+    $keyMaterial = $configData["keyMaterial"] ?? null;
+    $legacyAlgorithms = $configData["enableLegacyWrappingAlgorithms"] ?? false;
+    $clientId = Uuid::uuid4()->toString();
+    $kmsKeyId = $keyMaterial["kmsKeyId"] ?? null;
+
+    if ($configData == []) {
+        return GenericServerError("Invalid config in request body", 400);
+    }
+    if (($keyMaterial || $kmsKeyId) === null) {
+        return GenericServerError("Invalid keyMaterial in config", 400);
+    }
+
+    // Store client configuration instead of objects (AWS objects can't be serialized)
+    $_SESSION['s3ecCache'][$clientId] = [
+        's3Config' => [
+            'region' => 'us-west-2',
+            'version' => 'latest',
+            'http' => [
+                'debug' => false,
+                'verify' => true,
+                'curl' => [
+                    CURLOPT_VERBOSE => false,
+                    CURLOPT_NOPROGRESS => true
+                ]
+            ]
+        ],
+        'kmsConfig' => [
+            'region' => 'us-west-2',
+            'version' => 'latest',
+            'http' => [
+                'debug' => false,
+                'verify' => true,
+                'curl' => [
+                    CURLOPT_VERBOSE => false,
+                    CURLOPT_NOPROGRESS => true
+                ]
+            ]
+        ],
+        'kmsKeyId' => $kmsKeyId,
+        'legacy' => $legacyAlgorithms,
+        'created' => time()
+    ];
+
+    // Auto-update cookies.txt with current session ID so tests can access cached clients
+    writeSessionIdToCookiesFile(session_id());
+
+    header("Content-Type: application/json");
+    return json_encode([
+        'clientId' => $clientId,
+    ]);
+}
diff --git a/test-server/php-v2-server/src/errors.php b/test-server/php-v2-server/src/errors.php
new file mode 100644
index 00000000..2b59861d
--- /dev/null
+++ b/test-server/php-v2-server/src/errors.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Used for "internal" errors, e.g. problems with the test server itself
+ * Tests MUST NOT expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @param int $code The error code to set in the reponse
+ * @return string JSON-encoded error response
+ */
+function GenericServerError($message, $code = 500)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        'error' => 'GenericServerError',
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}
+
+/**
+ * Used for modeled errors, e.g. errors thrown by the S3EC
+ * Tests SHOULD expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @return string JSON-encoded error response
+ */
+function S3EncryptionClientError($message)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        "__type" => "software.amazon.encryption.s3#S3EncryptionClientError",
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}
diff --git a/test-server/php-v2-server/src/get_object.php b/test-server/php-v2-server/src/get_object.php
new file mode 100644
index 00000000..61bacb5b
--- /dev/null
+++ b/test-server/php-v2-server/src/get_object.php
@@ -0,0 +1,85 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+function handleGetObject($params)
+{
+    // Get ClientID from HTTP header
+    $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
+
+    if (empty($clientId)) {
+        return GenericServerError("ClientID header is required", 400);
+    }
+
+    # Get the S3EncryptionClient from the client_cache
+    $s3ecClientTuple = getCachedClient($clientId);
+    if ($s3ecClientTuple == null) {
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
+    }
+
+    $metadata = $_SERVER['HTTP_CONTENT_METADATA'] ?? '';
+    $encryptionContext = metadataStringToMap($metadata);
+
+    // Extract bucket and key from URL parameters
+    $bucket = $params['bucket'] ?? null;
+    $key = $params['key'] ?? null;
+
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
+    $s3ec = $s3ecClientTuple["encryptionClient"];
+    $materialProvider = $s3ecClientTuple["materialsProvider"];
+    $clientConfig = $s3ecClientTuple["config"];
+    $legacyConfig = $clientConfig["legacy"] ?? false;
+    $legacy = null;
+    if ($legacyConfig === false) {
+        $legacy = "V2";
+    } else {
+        $legacy = "V2_AND_LEGACY";
+    }
+
+    try {
+        // Start output buffering before the AWS call to capture any unwanted output
+        ob_start();
+
+        $result = $s3ec->getObject([
+            '@SecurityProfile' => $legacy,
+            '@MaterialsProvider' => $materialProvider,
+            '@KmsEncryptionContext' => $encryptionContext,
+            'Bucket' => $bucket,
+            'Key' => $key,
+        ]);
+
+        // Capture and discard any unwanted output from AWS SDK
+        $unwantedOutput = ob_get_clean();
+        if (!empty($unwantedOutput)) {
+            error_log("AWS SDK produced unexpected output: " . strlen($unwantedOutput) . " bytes");
+        }
+
+        $body = $result['Body']->getContents();
+        $formattedMetadata = formatMetadataForResponse($result["Metadata"]);
+
+        // Now set headers safely
+        header("Content-Metadata: " . $formattedMetadata);
+        header("Content-Type: application/octet-stream");
+        header("Content-Length: " . strlen($body));
+        return $body;
+    } catch (InvalidArgumentException $e) {
+        // Clean up output buffer if still active
+        if (ob_get_level()) {
+            ob_end_clean();
+        }
+        return GenericServerError("Invalid argument: " . $e->getMessage(), 400);
+    } catch (Exception $e) {
+        // Clean up output buffer if still active
+        if (ob_get_level()) {
+            ob_end_clean();
+        }
+        if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
+            return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
+        } else {
+            return GenericServerError("Server argument: " . $e->getMessage(), 500);
+        }
+    }
+}
diff --git a/test-server/php-v2-server/src/index.php b/test-server/php-v2-server/src/index.php
new file mode 100644
index 00000000..cc5dee29
--- /dev/null
+++ b/test-server/php-v2-server/src/index.php
@@ -0,0 +1,294 @@
+<?php
+
+require_once __DIR__ . '/../vendor/autoload.php';
+require_once __DIR__ . '/client.php';
+require_once __DIR__ . '/get_object.php';
+require_once __DIR__ . '/put_object.php';
+
+use Aws\S3\Crypto\S3EncryptionClientV2;
+use Aws\Crypto\KmsMaterialsProviderV2;
+use Aws\S3\S3Client;
+use Aws\Kms\KmsClient;
+
+// Function to read session ID from cookies.txt file
+function getSessionIdFromCookiesFile()
+{
+    $cookiesFile = __DIR__ . '/../cookies.txt';
+
+    if (!file_exists($cookiesFile)) {
+        error_log("cookies.txt file does not exist, will be created when first client is created");
+        return null;
+    }
+
+    $lines = file($cookiesFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+
+    if ($lines === false) {
+        error_log("Failed to read cookies.txt file");
+        return null;
+    }
+
+    foreach ($lines as $line) {
+        // Skip comment lines
+        if (strpos($line, '#') === 0) {
+            continue;
+        }
+
+        // Parse cookie line: domain, flag, path, secure, expiration, name, value
+        $parts = explode("\t", $line);
+        if (count($parts) >= 7 && $parts[5] === 'PHPSESSID') {
+            error_log("Found session ID in cookies.txt: " . $parts[6]);
+            return $parts[6]; // Return the session ID value
+        }
+    }
+
+    error_log("No PHPSESSID found in cookies.txt file");
+    return null;
+}
+
+// Function to write session ID to cookies.txt file
+function writeSessionIdToCookiesFile($sessionId)
+{
+    $cookiesFile = __DIR__ . '/../cookies.txt';
+
+    // Create Netscape cookie format entry
+    $cookieLine = "localhost\tFALSE\t/\tFALSE\t0\tPHPSESSID\t$sessionId";
+
+    // Write header and cookie entry
+    $content = "# Netscape HTTP Cookie File\n";
+    $content .= "# https://curl.se/docs/http-cookies.html\n";
+    $content .= "# This file was generated by libcurl! Edit at your own risk.\n\n";
+    $content .= $cookieLine . "\n";
+
+    $result = file_put_contents($cookiesFile, $content);
+
+    if ($result === false) {
+        error_log("Failed to write session ID to cookies.txt file: $cookiesFile");
+        return false;
+    }
+
+    error_log("Successfully wrote session ID to cookies.txt: $sessionId");
+    return true;
+}
+
+set_time_limit(600);
+// Start session to persist cache across requests
+// First try to use session ID from cookies.txt if available
+$sessionId = getSessionIdFromCookiesFile();
+if ($sessionId) {
+    session_id($sessionId);
+}
+session_start();
+
+// Initialize session cache if it doesn't exist
+if (!isset($_SESSION['s3ecCache'])) {
+    $_SESSION['s3ecCache'] = [];
+}
+
+// Simple router class
+class SimpleRouter
+{
+    private $routes = [];
+
+    public function addRoute($method, $path, $handler)
+    {
+        $this->routes[] = [
+            'method' => strtoupper($method),
+            'path' => $path,
+            'handler' => $handler
+        ];
+    }
+
+    public function handleRequest()
+    {
+        $method = $_SERVER['REQUEST_METHOD'];
+        $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+        foreach ($this->routes as $route) {
+            if ($route['method'] === $method) {
+                $params = $this->matchPathWithParams($route['path'], $path);
+                if ($params !== false) {
+                    return call_user_func($route['handler'], $params);
+                }
+            }
+        }
+
+        // Default 404 response
+        http_response_code(404);
+        return json_encode(['error' => 'Not Found']);
+    }
+
+    private function matchPathWithParams($routePath, $requestPath)
+    {
+        // Handle exact matches first (for routes without parameters)
+        if ($routePath === $requestPath) {
+            return [];
+        }
+
+        // Convert route path like '/object/{bucket}/{key}' to regex
+        $pattern = preg_replace('/\{([^}]+)\}/', '([^/]+)', $routePath);
+        $pattern = '/^' . str_replace('/', '\/', $pattern) . '$/';
+
+        if (preg_match($pattern, $requestPath, $matches)) {
+            array_shift($matches); // Remove full match
+
+            // Extract parameter names
+            preg_match_all('/\{([^}]+)\}/', $routePath, $paramNames);
+            $params = [];
+
+            foreach ($paramNames[1] as $index => $paramName) {
+                $params[$paramName] = $matches[$index] ?? null;
+            }
+
+            return $params;
+        }
+
+        return false;
+    }
+}
+
+// Helper function to get cached client by ID
+function getCachedClient($clientId)
+{
+    if (!isset($_SESSION['s3ecCache'][$clientId])) {
+        return null;
+    }
+
+    $config = $_SESSION['s3ecCache'][$clientId];
+
+    // Recreate the AWS clients from stored configuration
+    $s3Client = new S3Client($config['s3Config']);
+    $encryptionClient = new S3EncryptionClientV2($s3Client);
+
+    $kmsClient = new KmsClient($config['kmsConfig']);
+    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, $config['kmsKeyId']);
+
+    return [
+        'encryptionClient' => $encryptionClient,
+        'materialsProvider' => $materialsProvider,
+        'config' => $config
+    ];
+}
+
+function createDefaultClientTuple(): array
+{
+    $s3Client = new S3Client([
+        'region' => 'us-west-2',
+        'version' => 'latest',
+        'http' => [
+            'debug' => false,
+            'verify' => true,
+            'curl' => [
+                CURLOPT_VERBOSE => false,
+                CURLOPT_NOPROGRESS => true
+            ]
+        ]
+    ]);
+    $encryptionClient = new S3EncryptionClientV2($s3Client);
+
+    $kmsClient = new KmsClient([
+        'region' => 'us-west-2',
+        'version' => 'latest',
+        'http' => [
+            'debug' => false,
+            'verify' => true,
+            'curl' => [
+                CURLOPT_VERBOSE => false,
+                CURLOPT_NOPROGRESS => true
+            ]
+        ]
+    ]);
+    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, 'arn:aws:kms:us-west-2:370957321024:alias/S3EC-Test-Server-Github-KMS-Key');
+
+    return [
+        'encryptionClient' => $encryptionClient,
+        'materialsProvider' => $materialsProvider
+    ];
+}
+
+function metadataStringToMap($metadata): array
+{
+    $md = [];
+
+    if (empty($metadata)) {
+        return $md;
+    }
+
+    $mdList = explode(',', $metadata);
+
+    foreach ($mdList as $entry) {
+        $parts = explode(']:[', $entry);
+
+        if (count($parts) === 2) {
+            $key = substr($parts[0], 1);
+            $value = substr($parts[1], 0, -1);
+            $md[$key] = $value;
+        } else {
+            throw new InvalidArgumentException("Malformed metadata list entry: " . $entry);
+        }
+    }
+
+    return $md;
+}
+function formatMetadataForResponse($metadata)
+{
+    $metadataList = [];
+    // Handle different metadata input types
+    if (is_array($metadata)) {
+        // If it's an associative array (like Python dict)
+        foreach ($metadata as $key => $value) {
+            $metadataList[] = $key . '=' . $value;
+        }
+    } elseif (is_string($metadata) && !empty($metadata)) {
+        // If it's already a string, assume it's in the correct format
+        return $metadata;
+    }
+
+    // Convert array to comma-separated string
+    return implode(',', $metadataList);
+}
+
+// Initialize router
+$router = new SimpleRouter();
+
+// Add basic routes
+$router->addRoute('GET', '/', function () {
+    return json_encode([
+        'service' => 'S3EC PHP v2 Test Server',
+        'status' => 'running',
+        'port' => 8087,
+        'endpoints' => [
+            'GET /' => 'Server status',
+            'POST /client' => 'Create an S3EncryptionClient and cache it.',
+            'GET /object/{bucket}/{key}' => 'Handle GET requests to /object/{bucket}/{key} by using the S3EncryptionClient to make a GetObject request to S3.',
+            'PUT /object/{bucket}/{key}' => 'Handle PUT requests to /object/{bucket}/{key} by using the S3EncryptionClient to make a PutObject request to S3.',
+        ]
+    ]);
+});
+
+$router->addRoute('GET', '/cache', function () {
+    return json_encode([
+        'sessionId' => session_id(),
+        'sessionStatus' => session_status(),
+        'totalCachedClients' => count($_SESSION['s3ecCache'] ?? []),
+        'allClientIds' => array_keys($_SESSION['s3ecCache'] ?? []),
+        'cacheDetails' => $_SESSION['s3ecCache'] ?? []
+    ]);
+});
+
+$router->addRoute('GET', '/object/{bucket}/{key}', function ($params) {
+    return handleGetObject($params);
+});
+
+$router->addRoute('PUT', '/object/{bucket}/{key}', function ($params) {
+    return handlePutObject($params);
+});
+
+$router->addRoute('POST', '/client', function () {
+    return handleCreateClient();
+});
+
+// Handle the request and output response
+$result = $router->handleRequest();
+if ($result !== false) {
+    echo $result;
+}
diff --git a/test-server/php-v2-server/src/put_object.php b/test-server/php-v2-server/src/put_object.php
new file mode 100644
index 00000000..63058f7d
--- /dev/null
+++ b/test-server/php-v2-server/src/put_object.php
@@ -0,0 +1,72 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+function handlePutObject($params)
+{
+    // Get the raw request body
+    $rawBody = file_get_contents('php://input');
+    // Get ClientID from HTTP header
+    $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
+
+    if (empty($clientId)) {
+        return GenericServerError("ClientID header is required", 400);
+    }
+
+    # Get the S3EncryptionClient from the client_cache
+    $s3ecClientTuple = getCachedClient($clientId);
+    if (is_null($s3ecClientTuple)) {
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
+    }
+
+    // Capture all Content-Metadata headers
+    $metadata = $_SERVER['HTTP_CONTENT_METADATA'] ?? '';
+    $encryptionContext = metadataStringToMap($metadata);
+
+    // Extract bucket and key from URL parameters
+    $bucket = $params['bucket'] ?? null;
+    $key = $params['key'] ?? null;
+
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
+    $s3ec = $s3ecClientTuple["encryptionClient"];
+    $materialProvider = $s3ecClientTuple["materialsProvider"];
+    $cipherOptions = [
+        'Cipher' => 'gcm',
+        'KeySize' => 256,
+    ];
+    $legacyConfig = $s3ecClientTuple["legacy"] ?? false;
+    $legacy = null;
+    if ($legacyConfig === false) {
+        $legacy = "V2";
+    } else {
+        $legacy = "V2_AND_LEGACY";
+    }
+
+    try {
+        $result = $s3ec->putObject([
+            '@SecurityProfile' => $legacy,
+            '@MaterialsProvider' => $materialProvider,
+            '@KmsEncryptionContext' => $encryptionContext,
+            '@CipherOptions' => $cipherOptions,
+            'Bucket' => $bucket,
+            'Key' => $key,
+            'Body' => $rawBody,
+        ]);
+
+        header("Content-Type: application/json");
+        return json_encode([
+            "bucket" => $bucket,
+            "key" => $key,
+            // php for some reason blows java's heap if we pass the metadata
+            // "metadata" => $encryptionContext
+        ]);
+
+    } catch (InvalidArgumentException $e) {
+        return S3EncryptionClientError("Invalid arguement: " . $e->getMessage());
+    } catch (Exception $e) {
+        return GenericServerError("Server error: " . $e->getMessage());
+    }
+}
diff --git a/test-server/php-v3-server/.gitignore b/test-server/php-v3-server/.gitignore
new file mode 100644
index 00000000..07108589
--- /dev/null
+++ b/test-server/php-v3-server/.gitignore
@@ -0,0 +1,4 @@
+vendor/*
+cookies.txt
+server.pid
+composer.lock
\ No newline at end of file
diff --git a/test-server/php-v3-server/Makefile b/test-server/php-v3-server/Makefile
new file mode 100644
index 00000000..d62be452
--- /dev/null
+++ b/test-server/php-v3-server/Makefile
@@ -0,0 +1,24 @@
+# Makefile for S3 Encryption Client Testing
+
+.PHONY: start-server stop-server wait-for-server
+
+PID_FILE := server.pid
+PORT := 8093
+
+start-server:
+	@echo "Starting PHP V2 server..."
+	AWS_ACCESS_KEY_ID="$$AWS_ACCESS_KEY_ID" \
+	AWS_SECRET_ACCESS_KEY="$$AWS_SECRET_ACCESS_KEY" \
+	AWS_SESSION_TOKEN="$$AWS_SESSION_TOKEN" \
+	AWS_REGION="us-west-2" \
+	composer run start & echo $$! > $(PID_FILE)
+	@echo "PHP V2 server starting..."
+
+stop-server:
+	@if [ -f $(PID_FILE) ]; then \
+		kill $$(cat $(PID_FILE)) 2>/dev/null || true; \
+		rm $(PID_FILE); \
+	fi
+
+wait-for-server:
+	$(MAKE) -C .. wait-for-port PORT=$(PORT)
diff --git a/test-server/php-v3-server/README.md b/test-server/php-v3-server/README.md
new file mode 100644
index 00000000..284c6e97
--- /dev/null
+++ b/test-server/php-v3-server/README.md
@@ -0,0 +1,66 @@
+# S3EC PHP v3 Test Server
+
+This is the PHP V3 implementation of the S3ECTestServer framework. It provides a server implementation for testing S3 Encryption Client functionality.
+
+## Overview
+
+The S3ECPhpV3TestServer implements the S3ECTestServer service defined in the shared Smithy model. It provides endpoints for:
+
+- Creating S3 Encryption Clients with session-based caching
+- Putting objects with encryption
+- Getting and decrypting objects
+
+## Starting the Server
+
+### Method 1: Using Composer (Recommended)
+```bash
+composer run start
+```
+
+The server will start on port `8093`.
+
+## Available Endpoints
+
+### Server Status
+- **GET /** - Returns server status and available endpoints
+
+### Client Management
+- **POST /client** - Creates an S3EncryptionClient and caches it with session persistence
+- **GET /cache** - Shows current session state and cached clients (for debugging)
+
+### Object Operations
+- **GET /object/{bucket}/{key}** - Handle GET requests using the S3EncryptionClient
+- **PUT /object/{bucket}/{key}** - Handle PUT requests using the S3EncryptionClient
+
+## Testing with curl
+
+### Important: Session Cookie Management
+
+To properly test the server and maintain session persistence, you **must** use cookies with curl:
+
+#### First Request (creates session cookie):
+```bash
+curl -X POST http://localhost:8093/client \
+  -H "Content-Type: application/json" \
+  -v
+```
+
+#### Subsequent Requests (reuses session cookie):
+```bash
+curl -X POST http://localhost:8093/client \
+  -H "Content-Type: application/json" \
+  -v
+```
+
+#### Check Cache Status:
+```bash
+curl http://localhost:8093/cache \
+  -b cookies.txt
+```
+
+#### Helpful Notes
+- **Session Storage**: Client configurations are stored in `$_SESSION['s3ecCache']`
+- **Object Recreation**: AWS SDK objects are recreated from stored configuration (they cannot be serialized)
+AWS SDK obbjects cannot be serialized due to internal resources and closures.
+- **Helper Function**: `getCachedClient($clientId)` retrieves and recreates clients from cache
+- **Debugging**: Enhanced logging and `/cache` endpoint for troubleshooting
diff --git a/test-server/php-v3-server/composer.json b/test-server/php-v3-server/composer.json
new file mode 100644
index 00000000..7ed1daf3
--- /dev/null
+++ b/test-server/php-v3-server/composer.json
@@ -0,0 +1,24 @@
+{
+    "name": "aws/s3ec-php-v2-test-server",
+    "description": "PHP v2 implementation of the S3EC Test Server framework",
+    "type": "project",
+    "license": "Apache-2.0",
+    "require": {
+        "php": ">=7.4",
+        "aws/aws-sdk-php": "^3.356",
+        "ramsey/uuid": "^4.9"
+    },
+    "autoload": {
+        "psr-4": {
+            "S3EC\\PhpV2Server\\": "src/"
+        }
+    },
+    "scripts": {
+        "start": [
+            "php -S 0.0.0.0:8093 src/index.php"
+        ]
+    },
+    "config": {
+        "optimize-autoloader": true
+    }
+}
\ No newline at end of file
diff --git a/test-server/php-v3-server/src/client.php b/test-server/php-v3-server/src/client.php
new file mode 100644
index 00000000..6c40f590
--- /dev/null
+++ b/test-server/php-v3-server/src/client.php
@@ -0,0 +1,68 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+use Ramsey\Uuid\Uuid;
+
+function handleCreateClient()
+{
+    // Get the raw request body
+    $rawBody = file_get_contents('php://input');
+
+    // Parse JSON if the body contains JSON
+    $requestData = json_decode($rawBody, true);
+    if (json_last_error() !== JSON_ERROR_NONE) {
+        return GenericServerError("Invalid JSON in request body", 400);
+    }
+    $configData = $requestData['config'] ?? [];
+    $keyMaterial = $configData["keyMaterial"] ?? null;
+    $legacyAlgorithms = $configData["enableLegacyWrappingAlgorithms"] ?? false;
+    $clientId = Uuid::uuid4()->toString();
+    $kmsKeyId = $keyMaterial["kmsKeyId"] ?? null;
+
+    if (empty($configData)) {
+        return GenericServerError("Invalid config in request body", 400);
+    }
+    if (is_null($keyMaterial) || is_null($kmsKeyId)) {
+        return GenericServerError("Invalid keyMaterial in config", 400);
+    }
+
+    // Store client configuration instead of objects (AWS objects can't be serialized)
+    $_SESSION['s3ecCache'][$clientId] = [
+        's3Config' => [
+            'region' => 'us-west-2',
+            'version' => 'latest',
+            'http' => [
+                'debug' => false,
+                'verify' => true,
+                'curl' => [
+                    CURLOPT_VERBOSE => false,
+                    CURLOPT_NOPROGRESS => true
+                ]
+            ]
+        ],
+        'kmsConfig' => [
+            'region' => 'us-west-2',
+            'version' => 'latest',
+            'http' => [
+                'debug' => false,
+                'verify' => true,
+                'curl' => [
+                    CURLOPT_VERBOSE => false,
+                    CURLOPT_NOPROGRESS => true
+                ]
+            ]
+        ],
+        'kmsKeyId' => $kmsKeyId,
+        'legacy' => $legacyAlgorithms,
+        'created' => time()
+    ];
+
+    // Auto-update cookies.txt with current session ID so tests can access cached clients
+    writeSessionIdToCookiesFile(session_id());
+
+    header("Content-Type: application/json");
+    return json_encode([
+        'clientId' => $clientId,
+    ]);
+}
diff --git a/test-server/php-v3-server/src/errors.php b/test-server/php-v3-server/src/errors.php
new file mode 100644
index 00000000..2b59861d
--- /dev/null
+++ b/test-server/php-v3-server/src/errors.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Used for "internal" errors, e.g. problems with the test server itself
+ * Tests MUST NOT expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @param int $code The error code to set in the reponse
+ * @return string JSON-encoded error response
+ */
+function GenericServerError($message, $code = 500)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        'error' => 'GenericServerError',
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}
+
+/**
+ * Used for modeled errors, e.g. errors thrown by the S3EC
+ * Tests SHOULD expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @return string JSON-encoded error response
+ */
+function S3EncryptionClientError($message)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        "__type" => "software.amazon.encryption.s3#S3EncryptionClientError",
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}
diff --git a/test-server/php-v3-server/src/get_object.php b/test-server/php-v3-server/src/get_object.php
new file mode 100644
index 00000000..59e2192c
--- /dev/null
+++ b/test-server/php-v3-server/src/get_object.php
@@ -0,0 +1,85 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+function handleGetObject($params)
+{
+    // Get ClientID from HTTP header
+    $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
+
+    if (empty($clientId)) {
+        return GenericServerError("ClientID header is required", 400);
+    }
+
+    # Get the S3EncryptionClient from the client_cache
+    $s3ecClientTuple = getCachedClient($clientId);
+    if (is_null($s3ecClientTuple)) {
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
+    }
+
+    $metadata = $_SERVER['HTTP_CONTENT_METADATA'] ?? '';
+    $encryptionContext = metadataStringToMap($metadata);
+
+    // Extract bucket and key from URL parameters
+    $bucket = $params['bucket'] ?? null;
+    $key = $params['key'] ?? null;
+
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
+    $s3ec = $s3ecClientTuple["encryptionClient"];
+    $materialProvider = $s3ecClientTuple["materialsProvider"];
+    $clientConfig = $s3ecClientTuple["config"];
+    $legacyConfig = $clientConfig["legacy"] ?? false;
+    $legacy = null;
+    if ($legacyConfig === false) {
+        $legacy = "V2";
+    } else {
+        $legacy = "V2_AND_LEGACY";
+    }
+
+    try {
+        // Start output buffering before the AWS call to capture any unwanted output
+        ob_start();
+
+        $result = $s3ec->getObject([
+            '@SecurityProfile' => $legacy,
+            '@MaterialsProvider' => $materialProvider,
+            '@KmsEncryptionContext' => $encryptionContext,
+            'Bucket' => $bucket,
+            'Key' => $key,
+        ]);
+
+        // Capture and discard any unwanted output from AWS SDK
+        $unwantedOutput = ob_get_clean();
+        if (!empty($unwantedOutput)) {
+            error_log("AWS SDK produced unexpected output: " . strlen($unwantedOutput) . " bytes");
+        }
+
+        $body = $result['Body']->getContents();
+        $formattedMetadata = formatMetadataForResponse($result["Metadata"]);
+
+        // Now set headers safely
+        header("Content-Metadata: " . $formattedMetadata);
+        header("Content-Type: application/octet-stream");
+        header("Content-Length: " . strlen($body));
+        return $body;
+    } catch (InvalidArgumentException $e) {
+        // Clean up output buffer if still active
+        if (ob_get_level()) {
+            ob_end_clean();
+        }
+        return GenericServerError("Invalid argument: " . $e->getMessage(), 400);
+    } catch (Exception $e) {
+        // Clean up output buffer if still active
+        if (ob_get_level()) {
+            ob_end_clean();
+        }
+        if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
+            return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
+        } else {
+            return GenericServerError("Server argument: " . $e->getMessage(), 500);
+        }
+    }
+}
diff --git a/test-server/php-v3-server/src/index.php b/test-server/php-v3-server/src/index.php
new file mode 100644
index 00000000..cc5dee29
--- /dev/null
+++ b/test-server/php-v3-server/src/index.php
@@ -0,0 +1,294 @@
+<?php
+
+require_once __DIR__ . '/../vendor/autoload.php';
+require_once __DIR__ . '/client.php';
+require_once __DIR__ . '/get_object.php';
+require_once __DIR__ . '/put_object.php';
+
+use Aws\S3\Crypto\S3EncryptionClientV2;
+use Aws\Crypto\KmsMaterialsProviderV2;
+use Aws\S3\S3Client;
+use Aws\Kms\KmsClient;
+
+// Function to read session ID from cookies.txt file
+function getSessionIdFromCookiesFile()
+{
+    $cookiesFile = __DIR__ . '/../cookies.txt';
+
+    if (!file_exists($cookiesFile)) {
+        error_log("cookies.txt file does not exist, will be created when first client is created");
+        return null;
+    }
+
+    $lines = file($cookiesFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+
+    if ($lines === false) {
+        error_log("Failed to read cookies.txt file");
+        return null;
+    }
+
+    foreach ($lines as $line) {
+        // Skip comment lines
+        if (strpos($line, '#') === 0) {
+            continue;
+        }
+
+        // Parse cookie line: domain, flag, path, secure, expiration, name, value
+        $parts = explode("\t", $line);
+        if (count($parts) >= 7 && $parts[5] === 'PHPSESSID') {
+            error_log("Found session ID in cookies.txt: " . $parts[6]);
+            return $parts[6]; // Return the session ID value
+        }
+    }
+
+    error_log("No PHPSESSID found in cookies.txt file");
+    return null;
+}
+
+// Function to write session ID to cookies.txt file
+function writeSessionIdToCookiesFile($sessionId)
+{
+    $cookiesFile = __DIR__ . '/../cookies.txt';
+
+    // Create Netscape cookie format entry
+    $cookieLine = "localhost\tFALSE\t/\tFALSE\t0\tPHPSESSID\t$sessionId";
+
+    // Write header and cookie entry
+    $content = "# Netscape HTTP Cookie File\n";
+    $content .= "# https://curl.se/docs/http-cookies.html\n";
+    $content .= "# This file was generated by libcurl! Edit at your own risk.\n\n";
+    $content .= $cookieLine . "\n";
+
+    $result = file_put_contents($cookiesFile, $content);
+
+    if ($result === false) {
+        error_log("Failed to write session ID to cookies.txt file: $cookiesFile");
+        return false;
+    }
+
+    error_log("Successfully wrote session ID to cookies.txt: $sessionId");
+    return true;
+}
+
+set_time_limit(600);
+// Start session to persist cache across requests
+// First try to use session ID from cookies.txt if available
+$sessionId = getSessionIdFromCookiesFile();
+if ($sessionId) {
+    session_id($sessionId);
+}
+session_start();
+
+// Initialize session cache if it doesn't exist
+if (!isset($_SESSION['s3ecCache'])) {
+    $_SESSION['s3ecCache'] = [];
+}
+
+// Simple router class
+class SimpleRouter
+{
+    private $routes = [];
+
+    public function addRoute($method, $path, $handler)
+    {
+        $this->routes[] = [
+            'method' => strtoupper($method),
+            'path' => $path,
+            'handler' => $handler
+        ];
+    }
+
+    public function handleRequest()
+    {
+        $method = $_SERVER['REQUEST_METHOD'];
+        $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+        foreach ($this->routes as $route) {
+            if ($route['method'] === $method) {
+                $params = $this->matchPathWithParams($route['path'], $path);
+                if ($params !== false) {
+                    return call_user_func($route['handler'], $params);
+                }
+            }
+        }
+
+        // Default 404 response
+        http_response_code(404);
+        return json_encode(['error' => 'Not Found']);
+    }
+
+    private function matchPathWithParams($routePath, $requestPath)
+    {
+        // Handle exact matches first (for routes without parameters)
+        if ($routePath === $requestPath) {
+            return [];
+        }
+
+        // Convert route path like '/object/{bucket}/{key}' to regex
+        $pattern = preg_replace('/\{([^}]+)\}/', '([^/]+)', $routePath);
+        $pattern = '/^' . str_replace('/', '\/', $pattern) . '$/';
+
+        if (preg_match($pattern, $requestPath, $matches)) {
+            array_shift($matches); // Remove full match
+
+            // Extract parameter names
+            preg_match_all('/\{([^}]+)\}/', $routePath, $paramNames);
+            $params = [];
+
+            foreach ($paramNames[1] as $index => $paramName) {
+                $params[$paramName] = $matches[$index] ?? null;
+            }
+
+            return $params;
+        }
+
+        return false;
+    }
+}
+
+// Helper function to get cached client by ID
+function getCachedClient($clientId)
+{
+    if (!isset($_SESSION['s3ecCache'][$clientId])) {
+        return null;
+    }
+
+    $config = $_SESSION['s3ecCache'][$clientId];
+
+    // Recreate the AWS clients from stored configuration
+    $s3Client = new S3Client($config['s3Config']);
+    $encryptionClient = new S3EncryptionClientV2($s3Client);
+
+    $kmsClient = new KmsClient($config['kmsConfig']);
+    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, $config['kmsKeyId']);
+
+    return [
+        'encryptionClient' => $encryptionClient,
+        'materialsProvider' => $materialsProvider,
+        'config' => $config
+    ];
+}
+
+function createDefaultClientTuple(): array
+{
+    $s3Client = new S3Client([
+        'region' => 'us-west-2',
+        'version' => 'latest',
+        'http' => [
+            'debug' => false,
+            'verify' => true,
+            'curl' => [
+                CURLOPT_VERBOSE => false,
+                CURLOPT_NOPROGRESS => true
+            ]
+        ]
+    ]);
+    $encryptionClient = new S3EncryptionClientV2($s3Client);
+
+    $kmsClient = new KmsClient([
+        'region' => 'us-west-2',
+        'version' => 'latest',
+        'http' => [
+            'debug' => false,
+            'verify' => true,
+            'curl' => [
+                CURLOPT_VERBOSE => false,
+                CURLOPT_NOPROGRESS => true
+            ]
+        ]
+    ]);
+    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, 'arn:aws:kms:us-west-2:370957321024:alias/S3EC-Test-Server-Github-KMS-Key');
+
+    return [
+        'encryptionClient' => $encryptionClient,
+        'materialsProvider' => $materialsProvider
+    ];
+}
+
+function metadataStringToMap($metadata): array
+{
+    $md = [];
+
+    if (empty($metadata)) {
+        return $md;
+    }
+
+    $mdList = explode(',', $metadata);
+
+    foreach ($mdList as $entry) {
+        $parts = explode(']:[', $entry);
+
+        if (count($parts) === 2) {
+            $key = substr($parts[0], 1);
+            $value = substr($parts[1], 0, -1);
+            $md[$key] = $value;
+        } else {
+            throw new InvalidArgumentException("Malformed metadata list entry: " . $entry);
+        }
+    }
+
+    return $md;
+}
+function formatMetadataForResponse($metadata)
+{
+    $metadataList = [];
+    // Handle different metadata input types
+    if (is_array($metadata)) {
+        // If it's an associative array (like Python dict)
+        foreach ($metadata as $key => $value) {
+            $metadataList[] = $key . '=' . $value;
+        }
+    } elseif (is_string($metadata) && !empty($metadata)) {
+        // If it's already a string, assume it's in the correct format
+        return $metadata;
+    }
+
+    // Convert array to comma-separated string
+    return implode(',', $metadataList);
+}
+
+// Initialize router
+$router = new SimpleRouter();
+
+// Add basic routes
+$router->addRoute('GET', '/', function () {
+    return json_encode([
+        'service' => 'S3EC PHP v2 Test Server',
+        'status' => 'running',
+        'port' => 8087,
+        'endpoints' => [
+            'GET /' => 'Server status',
+            'POST /client' => 'Create an S3EncryptionClient and cache it.',
+            'GET /object/{bucket}/{key}' => 'Handle GET requests to /object/{bucket}/{key} by using the S3EncryptionClient to make a GetObject request to S3.',
+            'PUT /object/{bucket}/{key}' => 'Handle PUT requests to /object/{bucket}/{key} by using the S3EncryptionClient to make a PutObject request to S3.',
+        ]
+    ]);
+});
+
+$router->addRoute('GET', '/cache', function () {
+    return json_encode([
+        'sessionId' => session_id(),
+        'sessionStatus' => session_status(),
+        'totalCachedClients' => count($_SESSION['s3ecCache'] ?? []),
+        'allClientIds' => array_keys($_SESSION['s3ecCache'] ?? []),
+        'cacheDetails' => $_SESSION['s3ecCache'] ?? []
+    ]);
+});
+
+$router->addRoute('GET', '/object/{bucket}/{key}', function ($params) {
+    return handleGetObject($params);
+});
+
+$router->addRoute('PUT', '/object/{bucket}/{key}', function ($params) {
+    return handlePutObject($params);
+});
+
+$router->addRoute('POST', '/client', function () {
+    return handleCreateClient();
+});
+
+// Handle the request and output response
+$result = $router->handleRequest();
+if ($result !== false) {
+    echo $result;
+}
diff --git a/test-server/php-v3-server/src/put_object.php b/test-server/php-v3-server/src/put_object.php
new file mode 100644
index 00000000..63058f7d
--- /dev/null
+++ b/test-server/php-v3-server/src/put_object.php
@@ -0,0 +1,72 @@
+<?php
+
+require_once __DIR__ . '/errors.php';
+
+function handlePutObject($params)
+{
+    // Get the raw request body
+    $rawBody = file_get_contents('php://input');
+    // Get ClientID from HTTP header
+    $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
+
+    if (empty($clientId)) {
+        return GenericServerError("ClientID header is required", 400);
+    }
+
+    # Get the S3EncryptionClient from the client_cache
+    $s3ecClientTuple = getCachedClient($clientId);
+    if (is_null($s3ecClientTuple)) {
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
+    }
+
+    // Capture all Content-Metadata headers
+    $metadata = $_SERVER['HTTP_CONTENT_METADATA'] ?? '';
+    $encryptionContext = metadataStringToMap($metadata);
+
+    // Extract bucket and key from URL parameters
+    $bucket = $params['bucket'] ?? null;
+    $key = $params['key'] ?? null;
+
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
+    $s3ec = $s3ecClientTuple["encryptionClient"];
+    $materialProvider = $s3ecClientTuple["materialsProvider"];
+    $cipherOptions = [
+        'Cipher' => 'gcm',
+        'KeySize' => 256,
+    ];
+    $legacyConfig = $s3ecClientTuple["legacy"] ?? false;
+    $legacy = null;
+    if ($legacyConfig === false) {
+        $legacy = "V2";
+    } else {
+        $legacy = "V2_AND_LEGACY";
+    }
+
+    try {
+        $result = $s3ec->putObject([
+            '@SecurityProfile' => $legacy,
+            '@MaterialsProvider' => $materialProvider,
+            '@KmsEncryptionContext' => $encryptionContext,
+            '@CipherOptions' => $cipherOptions,
+            'Bucket' => $bucket,
+            'Key' => $key,
+            'Body' => $rawBody,
+        ]);
+
+        header("Content-Type: application/json");
+        return json_encode([
+            "bucket" => $bucket,
+            "key" => $key,
+            // php for some reason blows java's heap if we pass the metadata
+            // "metadata" => $encryptionContext
+        ]);
+
+    } catch (InvalidArgumentException $e) {
+        return S3EncryptionClientError("Invalid arguement: " . $e->getMessage());
+    } catch (Exception $e) {
+        return GenericServerError("Server error: " . $e->getMessage());
+    }
+}