I created an easy to use API to help businesses do incredible things with AI.
Benjamin Crozat
Latest
Courses
Books
Links
Design Patterns<br /> for Vue.js
Design Patterns
for Vue.js
Lachlan Miller
Get the book
Consuming APIs<br /> in Laravel
Consuming APIs
in Laravel
Ash Allen
Get the book
Microservices with<br /> Laravel
Microservices with
Laravel
Martin Joo
Get the book
Level up<br /> with Tailwind CSS
Level up
with Tailwind CSS
Shruti Balasa
Get the book
Domain-Driven Design<br /> with Laravel
Domain-Driven Design
with Laravel
Martin Joo
Get the book
Mastering Laravel<br /> Validation Rules
Mastering Laravel
Validation Rules
Aaron Saray / Joel Clermont
Get the book
Battle ready Laravel
Battle ready Laravel
Ash Allen
Get the book
Laravel Packages Security

Secure your REST API in 5 minutes with Laravel Sanctum

Benjamin Crozat
Published on Jan 16, 2024 0 comments Edit on GitHub
Secure your REST API in 5 minutes with Laravel Sanctum

Introduction to Laravel Sanctum and how it helps securing REST APIs

Laravel Sanctum is a package for Laravel that provides a simple way to secure your REST API. For instance, in case you want your users to be able to build services top of your application.

That being said, the official documentation is extensive and you probably don’t have that kind of time. So I hope my quick guide will serve you well.

Install Laravel Sanctum via Composer

The package now comes installed by default in any new Laravel application.

If for some reason you don’t have Laravel Sanctum in your project, install it using Composer:

composer require laravel/sanctum

Once done, publish Sanctum’s configuration and migration files:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Finally, run your database migrations:

php artisan migrate

Issue API tokens to your users

You need to let your users generate tokens to consume your API.

Add the Laravel\Sanctum\HasApiTokens trait in your User model:

namespace App\Models;

use Laravel\Sanctum\HasApiTokens; // [tl! ++]

class User extends Authenticatable
{
    use HasApiTokens; // [tl! ++]
}

You can issue a token using the createToken method:

$token = $user->createToken('token-name')->plainTextToken;

Make sure to let the user know that the token is only shown once. If they lose it, they’ll have to generate a new one.

Protect your REST API routes with Sanctum’s auth guard

To secure your API routes, use the sanctum guard. This ensures that all incoming requests are authenticated:

Route::middleware('auth:sanctum')
    ->get('/api/user', function (Request $request) {
        return $request->user();
    });

Manage your users’ API tokens

Managing tokens is crucial for security. To revoke them, use:

// Revoke all tokens.
$user->tokens()->delete();

// Revoke a specific token.
$user->tokens()->where('id', $tokenId)->delete();

Conclusion

Securing your REST API with Laravel Sanctum is an effective way to manage authentication and prevent misuses without overcomplicating everything.

There’s a lot more to Laravel Sanctum and I encourage you to go read the official documentation.

Be the first to comment!

Get help or share something of value with other readers!

Sign in with GitHub
Great deals for enterprise developers
  • Summarize and talk to YouTube videos. Bypass ads, sponsors, chit-chat, and get to the point.
    Try Nobinge →
  • Monitor the health of your apps: downtimes, certificates, broken links, and more.
    20% off the first 3 months using the promo code CROZAT.
    Try Oh Dear for free
  • Keep the customers coming; monitor your Google rankings.
    30% off your first month using the promo code WELCOME30
    Try Wincher for free →
The latest community links
Share a link too →
- / -