Laravel Sanctum and Authentication API

In modern web application development, user authentication and data security are important requirements. Laravel Sanctum, an extension of Laravel, provides us an easy way to build and manage API authentication system. In this article, we will learn about how to use Laravel Sanctum and apply it to web application development.

Before we start using Laravel Sanctum, we need to install it into our Laravel application. First, run the composer command to install the Sanctum package:

composer require laravel/sanctum

composer require laravel/sanctum

Once the installation is successful, we need to run the Artisan commands to deploy the database to Sanctum:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"php artisan migrate

Laravel Sanctum allows us to generate API tokens to authenticate users. This allows users to send API requests containing tokens to confirm their identity and access secure resources.

Here is an example of how to register a user and generate an authentication token in Laravel:

use App\Models\User;use Illuminate\Http\Request;use Illuminate\Support\Facades\Hash;public function register(Request $request){ $request->validate([ 'name' => 'required', 'email' => 'required|email|unique:users', 'password' => 'required|min:6', ]); $user = User::create([ 'name' => $request->name, 'email' => $request->email, 'password' => Hash::make($request->password), ]); $token = $user->createToken('api-token')->plainTextToken; return response()->json(['token' => $token], 201);}

In the above example, we use the createToken method of the user object to create a new authentication token called 'api-token'. We then return that token as JSON so that the user can store it and use it for subsequent API requests.

Once the user has an authentication token, we can use it to authenticate API requests. Laravel Sanctum provides middleware to protect resources that can only be accessed when a valid token is sent with the request.

To protect an API using Sanctum middleware, we need to add 'auth:sanctum' middleware to the respective route or controller. Here is an example of how to protect an API and access user information in the corresponding Route and Controller:

Route::middleware(['auth:sanctum'])->group(function () { // ...});

use App\Http\Controllers\Controller;use Illuminate\Http\Request;class ApiController extends Controller{ public function __construct() { $this->middleware('auth:sanctum'); } public function getUser(Request $request) { $user = $request->user(); return response()->json(['user' => $user], 200); }}