Get your next remote job on LaraJobs.

Secure your REST API in 5 minutes with Laravel Sanctum

Secure your REST API in 5 minutes with Laravel Sanctum

Introduction to Laravel Sanctum and how it helps securing REST APIs

Laravel Sanctum is a package for Laravel that provides a simple way to secure your REST API. For instance, in case you want your users to be able to build services top of your application.

That being said, the official documentation is extensive and you probably don’t have that kind of time. So I hope my quick guide will serve you well.

Install Laravel Sanctum via Composer

The package now come installed by default in any new Laravel application.

If for some reasons you don’t have Laravel Sanctum in your project, install it using Composer:

composer require laravel/sanctum

Once done, publish Sanctum’s configuration and migration files:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Finally, run your database migrations:

php artisan migrate

Issue API tokens to your users

You need to let your users generate tokens to consume your API.

Add the Laravel\Sanctum\HasApiTokens trait in your User model:

namespace App\Models;
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
use HasApiTokens;

You can issue a token using the createToken method:

$token = $user->createToken('token-name')->plainTextToken;

Make sure to let the user know that the token is only shown once. If they lose it, they’ll have to generate a new one.

Protect your REST API routes with Sanctum’s auth guard

To secure your API routes, use the sanctum guard. This ensures that all incoming requests are authenticated:

->get('/api/user', function (Request $request) {
return $request->user();

Manage your users’ API tokens

Managing tokens is crucial for security. To revoke them, use:

// Revoke all tokens.
// Revoke a specific token.
$user->tokens()->where('id', $tokenId)->delete();


Securing your REST API with Laravel Sanctum is an effective way to manage authentication and prevent misuses without overcomplicating everything.

There’s a lot more to Laravel Sanctum and I encourage you to go read the official documentation.

Be the first to comment!

Get help or share something of value with other readers!

Great deals for enterprise developers
The latest community links

Recommended articles

How to publish the various route files in Laravel 11

The new minimalist application skeleton in Laravel 11 comes with less route files. Here's how to install them.

7 Laravel RESTful APIs best practices for 2024

Master the art of crafting RESTful APIs with Laravel thanks to these best practices.

20+ Laravel best practices, tips and tricks to use in 2024

Learning a framework can be overwhelming, but time and execution will make you a master. Here are some best practices to help you toward your goal.

12 Laravel security best practices for 2024

Secure your Laravel app: protect sensitive files, keep your packages and Laravel updated, use policies, validate input, and more.

A complete history of Laravel's versions (2011-2024)

What's the current version of Laravel? Is there any LTS release you can rely on? And what about the history of the framework? Let's find out!

How does Laravel work? A crystal clear explanation.

Discover my step by step and simple explanation of how Laravel makes your life easier.

Laravel interview questions and answers for 2024

Nailing a Laravel job interview can be a daunting task, but with the right preparation and mindset, you can set yourself up for success.

9 testing best practices for Laravel in 2024

Are you familiar with testing? Good. Here are a bunch of best practices to help you level up even more!

- / -