Building API Authentication with Laravel Passport

Building API Authentication

Introduction

API stands for Application Programming Interface. It is a  code or interface in Java that allows smooth communication Among software or programs, in this case using the same packages. RESTful APIs are fundamental for modern JavaScript frameworks or building mobile applications. The user needs tokens for authorization or authentication of the application. In the case of software development, API handles data through HTTP requests and manages CRUD operations.

Laravel is a platform that makes the building of APIs extremely easy. By using the Laravel passport, one can quickly secure the backend of the applications by authenticating the users through API. In the API ecosystem, one does not maintain the session state among requests. This article will guide you step by step to provide an additional layer of security to your Laravel APIs.

Laravel Passport: what is it?

In simple words, Laravel passport is an API authentication package and an OAuth2 server. It is a platform containing a substantial amount of boilerplate codes for the authentication of users. To implement the packages, including functions for generating tokens, migration tables, or authentication of Middleware,  one just needs to adjust some basic configurations on the Laravel passport platform. Software companies have a demand for people with vast knowledge of Laravel and are looking forward to hire Laravel developers.

Requirements:

  • COMPOSER – globally installed to manage dependencies
  • POSTMAN – to test the endpoints
  • Basic knowledge of application building.

Installing Laravel Passport:

  • For installation of Laravel Passport, first, you need to run the mentioned.

command:

composer require laravel/passport

  • Once the installation of the passport package is successful, the following step is passport migration for storing the tokens in new tables.

php artisan migrate

  • After the migration of the tables, running the following command will install it completely.

php artisan passport:install

  • Code for the configuration of the passport module; you need to open the app/Models/User.php file to include the HasApiTokens trait in the user model.

In the following section, we will configure the passport’s routes controller of authentication.

  • You have to add the Passport::routes method in the AuthServiceProvider to generate the necessary routes. We can specify the default lifetime expiry date of personal access tokens that we are issuing to the users using the boot() function.
  • We need to set the passport as the API authentication guard. By modifying the config/auth.php, henceforth, all applications can use Passport’s TokenGuard to authenticate all incoming API requests.
  • Our primary focus is ensuring that only authenticated users can access the specified routes. To focus on this aspect, you need to protect the /user and /logout endpoints and keep the /login and /signup  endpoints publicly accessible.

Next, we will create routes by adding routes in the routes/api.php file.

We also need to create an API controller for the REST API in Laravel.

  • For this purpose, we need to run the below-mentioned Artisan command to create a new controller.

🌕 php artisan make: controller ApiController.php

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use App\Traits\ApiResponser;
use Illuminate\Http\Request;
use Laravel\Passport\Passport;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
use ApiResponser;

public function login(Request $request)
{
$attr = $this->validateLogin($request);

if (!Auth::attempt($attr)) {
return $this->error(‘Credentials mismatch’, 401);
}

return $this->token($this->getPersonalAccessToken());
}

public function signup(Request $request)
{
$attr = $this->validateSignup($request);

User::create([
‘name’ => $attr[‘name’],
’email’ => $attr[’email’],
‘password’ => Hash::make($attr[‘password’])
]);

Auth::attempt([’email’ => $attr[’email’], ‘password’ => $attr[‘password’]]);

return $this->token($this->getPersonalAccessToken(), ‘User Created’, 201);
}

public function user()
{
return $this->success(Auth::user());
}

public function logout()
{
Auth::user()->token()->revoke();
return $this->success(‘User Logged Out’, 200);
}

public function getPersonalAccessToken()
{
if (request()->remember_me === ‘true’)
Passport::personalAccessTokensExpireIn(now()->addDays(15));

return Auth::user()->createToken(‘Personal Access Token’);
}

public function validateLogin($request)
{
return $request->validate([
’email’ => ‘required|string|email|max:255’,
‘password’ => ‘required|string|min:6’,
]);
}

public function validateSignup($request)
{
return $request->validate([
‘name’ => ‘required|string’,
’email’ => ‘required|string|email|max:255|unique:users’,
‘password’ => ‘required|string|min:6|confirmed’,
]);
}
}

Here, in the signup() function, you need to create a new user according to the data requested by validating the data provided.

  • To generate a token, we can call a function getPersonalAccessToken().

The lifetime of the token can be stretched when we set the remember_me value to ‘true.’

  • Since the Passport Middleware protects the /user endpoint, we will always have access to the Auth::user() function.

After we have successfully created a controller for authentication, it is time to test the REST API. You can either use a virtual host for testing or test it on the PHP development server.

Generally, we use tools like Postman to test our API endpoints.

To initiate this process, you shall start by getting an access token for an already registered user. You can send a GET request to “API/login” by incorporating the email and password as parameters. If not registered,

  • Registration of API: Open The postman application and define “Accept”: application/JSON
  • Login Passport API: used to copy the bearer token and set it in the header section of the app. For logging in, you will have to check out the Laravel passport endpoint.
  • We need to set accurate authenticity to execute the CRUD operations. You will be receiving an access token after a successful registration. This access token’s manifestation establishes coherence with authorization to ensure secure transmission of data with the server.

You should save the access token as a

Bearer token in the authorization header.

Conclusion

Ultimately we completed The Laravel passport API tutorial. You can go through all the described foundation steps to build on this and design a secure API using Laravel passport. Mastering this process of developing secure APIs in Laravel Passport can ensure you get hired as a Laravel developer. Errors may arise in any step, depending on the code and its application, but through a continuous process of trial and error, one can develop a secure API quickly.


Subscribe to Our Newsletter

Related Articles

Top Trending

Best travel habits to keep
The Best Travel Habits to Keep After You Return Home [My Personal POV]
SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
Is VAR Ruining Football
Is VAR Ruining Football: 10 Controversies, Benefits, and Personal Verdict
online class platforms featured image of a Parent helping a child attend an online homeschool class, showing guided virtual learning at home.
7 Best Online Class Platforms for Homeschoolers
Publishing team analyzing reader data and audience profiles for Audience Persona Development for Publishers in a modern office.
Audience Persona Development for Publishers: Build Better Content

Fintech & Finance

ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Founder comparing the Best Accounting Tools for Founders on a startup finance dashboard
9 Best Accounting Tools for Founders to Keep Startup Finances Clean

Sustainability & Living

Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Sustainable Bathroom Swaps
11 Sustainable Bathroom Swaps for a Waste-Free Routine
Career Changes for Climate Impact
7 Career Changes for Climate Impact That Use the Skills You Already Have
Reducing Food Waste Home
Reducing Food Waste at Home: Smarter Meal Planning and Ingredient Storage
Reducing Fashion Waste
Reducing Fashion Waste: How to Fix, Clean, and Preserve Your Wardrobe

GAMING

Mortdog left Riot Games
Mortdog Leaves Riot Games: Is This the End of TFT as We Know It?
Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
$70 Game Deals
Why $70 Game Deals Are Mostly Never Worth It
why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever
Foullrop85j.08.47h Gaming
Foullrop85j.08.47h Gaming: What It Really Is and Why You Should Be Skeptical

Business & Marketing

Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events

Technology & AI

SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth
Best Local LLMs You Can Run On A Laptop
Best Local LLMs You Can Run On A Laptop: A Complete Hardware And Setup Guide
How To Reduce AI Hallucinations In Long Documents guide
How To Reduce AI Hallucinations In Long Documents: Proven Strategies Explained
best startup books founders
9 Best Startup Books for Founders Who Need Practical Advice

Fitness & Wellness

A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work