Laravel
Laravel Basic
Laravel Form
Laravel Database
Laravel Advance
Laravel API Authentication
Why API Authentication?
When building APIs, we need to make sure only authenticated users can access certain endpoints (like dashboard, profile, etc.).
In normal web apps, Laravel uses session + cookies, but for APIs we use tokens.
Steps in Flow
- Register → Save user in DB
- Login → Validate user and generate token (store in DB)
- Authenticate → Every API request must include token (in
Authorizationheader) - Logout (optional) → Delete token
Create Middleware (Custom Token Auth)
php artisan make:middleware ApiAuthMiddleware
Edit file: app/Http/Middleware/ApiAuthMiddleware.php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use App\Models\User;
class ApiAuthMiddleware
{
public function handle(Request $request, Closure $next)
{
$token = $request->header('Authorization');
if (!$token) {
return response()->json(['error' => 'Token not provided'], 401);
}
$user = User::where('remember_token', $token)->first();
if (!$user) {
return response()->json(['error' => 'Invalid token'], 401);
}
// Store authenticated user in request
$request->merge(['user' => $user]);
return $next($request);
}
}
Register middleware in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) {
$middleware->alias([
'auth.api' => \App\Http\Middleware\ApiAuthMiddleware::class,
]);
})
AuthController
Create controller:
php artisan make:controller Api/AuthController
app/Http/Controllers/Api/AuthController.php:
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
class AuthController extends Controller
{
// Register
public function register(Request $request)
{
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|email|unique:users',
'password' => 'required|min:6',
]);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
]);
return response()->json(['message' => 'User registered successfully']);
}
// Login
public function login(Request $request)
{
$request->validate([
'email' => 'required|email',
'password' => 'required',
]);
$user = User::where('email', $request->email)->first();
if (!$user || !Hash::check($request->password, $user->password)) {
return response()->json(['error' => 'Invalid credentials'], 401);
}
// Generate token
$user->remember_token = Str::random(60);
$user->save();
return response()->json([
'message' => 'Login successful',
'token' => $user->remember_token,
]);
}
// Dashboard
public function dashboard(Request $request)
{
$user = $request->user;
return response()->json([
'message' => 'Welcome to Dashboard',
'user' => $user,
]);
}
// Logout
public function logout(Request $request)
{
$user = $request->user;
$user->api_token = null; // clear token
$user->save();
return response()->json(['message' => 'Logged out successfully']);
}
}
API Routes
Define routes in routes/api.php:
use App\Http\Controllers\Api\AuthController;
use Illuminate\Support\Facades\Route;
Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);
// Protected routes
Route::middleware('auth.api')->group(function () {
Route::get('/dashboard', [AuthController::class, 'dashboard']);
Route::post('/logout', [AuthController::class, 'logout']);
});
Postman Output:
Register:
Login:
After login copy token
Dashboard:
Put token in hearder in Authorization key
Logout:
Whereisstuff is simple learing platform for beginer to advance level to improve there skills in technologies.we will provide all material free of cost.you can write a code in runkit workspace and we provide some extrac features also, you agree to have read and accepted our terms of use, cookie and privacy policy.
© Copyright 2024 www.whereisstuff.com. All rights reserved. Developed by whereisstuff Tech.