简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > PHP Framework > Laravel > body text

Laravel development: How to implement API authentication using Laravel Sanctum?

PHPz
Release: 2023-06-14 08:21:47
Original
2095 people have browsed it

With the popularity of RESTful APIs and the widespread use of applications, more and more applications require authentication and authorization of APIs, so API security has become an extremely important aspect in today's software development. Laravel Sanctum is a lightweight authentication system introduced out of the box with Laravel 7.0, which is designed to make API authentication simple and secure. In this article, we will introduce how to use Sanctum in Laravel to ensure API security.

  1. Installing Laravel Sanctum

Before we begin, we need to confirm that Laravel 7.0 version has been installed. Then we can use composer to install Laravel Sanctum dependencies: 

composer require laravel/sanctum
Copy after login

After installing Sanctum, add the following code to the config/app.php file: 

'providers' => [
    // ...
    LaravelSanctumSanctumServiceProvider::class,
],

'aliases' => [
    //...
    'Sanctum' => LaravelSanctumSanctum::class,
]
Copy after login

In this way, Laravel The application already uses the services and functions provided by Sanctum.

  1. Configuring the database

Next, before performing database migration, we need to set up Sanctum’s database tables. Larav lSanctum provides a personal_access_tokens database table by default that contains the following fields:

  • id: The unique identifier of the token
  • tokenable_type: The class name of the model associated with the token
  • tokenable_id: The ID of the model associated with the token
  • name: The name of the token
  • token: The value of the API token
  • abilities: The authorization of the token

Before creating the personal_access_tokens table, we need to create the model relationship first. This can be done by registering the following in AuthServiceProvider: 

use LaravelSanctumSanctum;
//...

public function boot()
{
    $this->registerPolicies(); 

    Sanctum::ignoreMigrations();

    Sanctum::actingAs( null, [
        'superuser'
    ]);
}
Copy after login

Sanctum::ignoreMigrations() is used to prevent Laravel from running the artisan migrate command Execute Sanctum's database migration file. However, in most cases we just add it to the command of the database migration file. Sanctum::actingAs() Also provides a development-only method that impersonates the user without user authentication.

Then we need to run the following command to create the personal_access_tokens table: 

php artisan migrate
Copy after login
  1. Create API Token

Laravel Sanctum is We provide two ways to generate tokens for the API. One is the CreateToken method, which can create one or more API tokens with optional names and granted permissions. Here we introduce the second method, which is to use the hasApiTokens() function with the createToken() function: 

// use the HasApiTokens trait within your User Model
use LaravelSanctumHasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    // ...
}

// create a Token with User ID and given Abilities
$personalAccessToken = $user->createToken('API Token', ['server:get','server:post']);
Copy after login

Here we use in the user model HasApiTokensTrait to implement API token functionality in the user model. We use the createToken method to create an API token and specify an optional name and authorized permission key when creating the token.

  1. Securing API Routes

With the API key in hand, we can inject it into every request for authentication. We can use sanctum middleware in Laravel's routing file to protect the API route in order to verify the token in the request: 

// A Group of API routes that require a valid Token
Route::group(['middleware' => 'auth:sanctum'], function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});
Copy after login

In this code, we define a validation containing sanctumMiddleware routing group. A route group contains a route that only requires a valid Token to access.

  1. Using Bearer Token

Using BearerToken is the best way to send an API token via the HTTP Authorization header Common methods. You can authorize the token by adding Authorization: Bearer {{$personalAccessToken->plainTextToken}} to the request header: 

curl -H "Authorization: Bearer xxxxx" http://example.com/api/user
Copy after login
  1. Revoke API token

Finally, we need to understand how to revoke API tokens. We can use the tokens()->delete() function to delete all API tokens for a user, or use the revoke() function to revoke a single API token:

$user->tokens()->delete();

$personalAccessToken->revoke();
Copy after login

Conclusion

Now we have successfully implemented Sanctum authentication to protect our API. Sanctum and Laravel provide simple yet powerful API authentication, which allows developers to focus on building powerful APIs and put the main focus on business logic. When using Sanctum, it is highly recommended that you carefully read the official documentation so that you can fully understand the API's authentication process and ensure the highest security for your application.

The above is the detailed content of Laravel development: How to implement API authentication using Laravel Sanctum?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
laravel sanctum api verification
source:php.cn
Previous article:Laravel development: How to build a database model using Laravel Eloquent? Next article:Laravel Development: How to validate request data using Laravel Validation?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
How to use laravel components with livewire lazy placeholder I want to add the skeleton of my laravel component inside a livewire3 placeholder What I h...
From 2024-04-06 20:02:10
0
2
543
Laravel 8 - How to redirect /{editable_text} route to /{user} route I've been trying to create a redirect route to lead me to a user profile. The redirect rou...
From 2024-04-06 17:26:11
0
1
410
General error in Laravel 9.x: Field 'id' has no default value I'm using UUIDs in my app and I've implemented the trait as shown online like this: traitU...
From 2024-04-06 11:12:54
0
1
350
Display AWS PDF files in Bootstrap mode in Laravel I have downloaded aws url like https://xxx-xx-dev.s3.ap-south-1.amazonaws.com/std_check/65...
From 2024-04-04 22:16:18
0
1
1450
How to access "type" property in "students" array in API response using Flutter, Laravel and PHP? "data":{"id":9,"name":"tala","role":&quo...
From 2024-04-04 19:25:13
0
1
288
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!