Laravel development: How to implement API authentication using Laravel Sanctum?-Laravel-php.cn

Home

PHP Framework

Laravel

Laravel development: How to implement API authentication using Laravel Sanctum?

PHPz

Jun 14, 2023 am 08:21 AM

laravelsanctumapi verification

With the popularity of RESTful APIs and the widespread use of applications, more and more applications require authentication and authorization of APIs, so API security has become an extremely important aspect in today's software development. Laravel Sanctum is a lightweight authentication system introduced out of the box with Laravel 7.0, which is designed to make API authentication simple and secure. In this article, we will introduce how to use Sanctum in Laravel to ensure API security.

Installing Laravel Sanctum

Before we begin, we need to confirm that Laravel 7.0 version has been installed. Then we can use composer to install Laravel Sanctum dependencies:

composer require laravel/sanctum

After installing Sanctum, add the following code to the config/app.php file:

'providers' => [
    // ...
    LaravelSanctumSanctumServiceProvider::class,
],

'aliases' => [
    //...
    'Sanctum' => LaravelSanctumSanctum::class,
]

In this way, Laravel The application already uses the services and functions provided by Sanctum.

Configuring the database

Next, before performing database migration, we need to set up Sanctum’s database tables. Larav lSanctum provides a personal_access_tokens database table by default that contains the following fields:

id: The unique identifier of the token
tokenable_type: The class name of the model associated with the token
tokenable_id: The ID of the model associated with the token
name: The name of the token
token: The value of the API token
abilities: The authorization of the token

Before creating the personal_access_tokens table, we need to create the model relationship first. This can be done by registering the following in AuthServiceProvider:

use LaravelSanctumSanctum;
//...

public function boot()
{
    $this->registerPolicies(); 

    Sanctum::ignoreMigrations();

    Sanctum::actingAs( null, [
        'superuser'
    ]);
}

Sanctum::ignoreMigrations() is used to prevent Laravel from running the artisan migrate command Execute Sanctum's database migration file. However, in most cases we just add it to the command of the database migration file. Sanctum::actingAs() Also provides a development-only method that impersonates the user without user authentication.

Then we need to run the following command to create the personal_access_tokens table:

php artisan migrate

Create API Token

Laravel Sanctum is We provide two ways to generate tokens for the API. One is the CreateToken method, which can create one or more API tokens with optional names and granted permissions. Here we introduce the second method, which is to use the hasApiTokens() function with the createToken() function:

// use the HasApiTokens trait within your User Model
use LaravelSanctumHasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    // ...
}

// create a Token with User ID and given Abilities
$personalAccessToken = $user->createToken('API Token', ['server:get','server:post']);

Here we use in the user model HasApiTokensTrait to implement API token functionality in the user model. We use the createToken method to create an API token and specify an optional name and authorized permission key when creating the token.

Securing API Routes

With the API key in hand, we can inject it into every request for authentication. We can use sanctum middleware in Laravel's routing file to protect the API route in order to verify the token in the request:

// A Group of API routes that require a valid Token
Route::group(['middleware' => 'auth:sanctum'], function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});

In this code, we define a validation containing sanctumMiddleware routing group. A route group contains a route that only requires a valid Token to access.

Using Bearer Token

Using BearerToken is the best way to send an API token via the HTTP Authorization header Common methods. You can authorize the token by adding Authorization: Bearer {{$personalAccessToken->plainTextToken}} to the request header:

curl -H "Authorization: Bearer xxxxx" http://example.com/api/user

Revoke API token

Finally, we need to understand how to revoke API tokens. We can use the tokens()->delete() function to delete all API tokens for a user, or use the revoke() function to revoke a single API token:

$user->tokens()->delete();

$personalAccessToken->revoke();

Conclusion

Now we have successfully implemented Sanctum authentication to protect our API. Sanctum and Laravel provide simple yet powerful API authentication, which allows developers to focus on building powerful APIs and put the main focus on business logic. When using Sanctum, it is highly recommended that you carefully read the official documentation so that you can fully understand the API's authentication process and ensure the highest security for your application.

The above is the detailed content of Laravel development: How to implement API authentication using Laravel Sanctum?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Laravel (PHP) vs. Python: Weighing the Pros and ConsApr 17, 2025 am 12:18 AM

Laravel is suitable for building web applications quickly, while Python is suitable for a wider range of application scenarios. 1.Laravel provides EloquentORM, Blade template engine and Artisan tools to simplify web development. 2. Python is known for its dynamic types, rich standard library and third-party ecosystem, and is suitable for Web development, data science and other fields.

Laravel vs. Python: Comparing Frameworks and LibrariesApr 17, 2025 am 12:16 AM

Laravel and Python each have their own advantages: Laravel is suitable for quickly building feature-rich web applications, and Python performs well in the fields of data science and general programming. 1.Laravel provides EloquentORM and Blade template engines, suitable for building modern web applications. 2. Python has a rich standard library and third-party library, and Django and Flask frameworks meet different development needs.

Laravel's Purpose: Building Robust and Elegant Web ApplicationsApr 17, 2025 am 12:13 AM

Laravel is worth choosing because it can make the code structure clear and the development process more artistic. 1) Laravel is based on PHP, follows the MVC architecture, and simplifies web development. 2) Its core functions such as EloquentORM, Artisan tools and Blade templates enhance the elegance and robustness of development. 3) Through routing, controllers, models and views, developers can efficiently build applications. 4) Advanced functions such as queue and event monitoring further improve application performance.

Laravel: Primarily a Backend Framework ExplainedApr 17, 2025 am 12:02 AM

Laravel is not only a back-end framework, but also a complete web development solution. It provides powerful back-end functions, such as routing, database operations, user authentication, etc., and supports front-end development, improving the development efficiency of the entire web application.

Laravel (PHP) vs. Python: Understanding Key DifferencesApr 17, 2025 am 12:01 AM

Laravel is suitable for web development, Python is suitable for data science and rapid prototyping. 1.Laravel is based on PHP and provides elegant syntax and rich functions, such as EloquentORM. 2. Python is known for its simplicity, widely used in Web development and data science, and has a rich library ecosystem.

Laravel in Action: Real-World Applications and ExamplesApr 16, 2025 am 12:02 AM

Laravelcanbeeffectivelyusedinreal-worldapplicationsforbuildingscalablewebsolutions.1)ItsimplifiesCRUDoperationsinRESTfulAPIsusingEloquentORM.2)Laravel'secosystem,includingtoolslikeNova,enhancesdevelopment.3)Itaddressesperformancewithcachingsystems,en

Laravel's Primary Function: Backend DevelopmentApr 15, 2025 am 12:14 AM

Laravel's core functions in back-end development include routing system, EloquentORM, migration function, cache system and queue system. 1. The routing system simplifies URL mapping and improves code organization and maintenance. 2.EloquentORM provides object-oriented data operations to improve development efficiency. 3. The migration function manages the database structure through version control to ensure consistency. 4. The cache system reduces database queries and improves response speed. 5. The queue system effectively processes large-scale data, avoid blocking user requests, and improve overall performance.

Laravel's Backend Capabilities: Databases, Logic, and MoreApr 14, 2025 am 12:04 AM

Laravel performs strongly in back-end development, simplifying database operations through EloquentORM, controllers and service classes handle business logic, and providing queues, events and other functions. 1) EloquentORM maps database tables through the model to simplify query. 2) Business logic is processed in controllers and service classes to improve modularity and maintainability. 3) Other functions such as queue systems help to handle complex needs.

See all articles