Laravel 9 REST API Authentication using Sanctum Tutorial
Filter

Laravel 9 REST API Authentication using Sanctum Tutorial

by Souy Soeng /
Share

Laravel 9 Sanctum API Authentication

Step 1: Install Laravel 9 (Optional)

If you haven't created your Laravel app yet:

composer create-project laravel/laravel example_api
cd example_api

Step 2: Install Laravel Sanctum

Install Sanctum via Composer:

composer require laravel/sanctum

Publish Sanctum’s config file:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Run database migrations to create Sanctum's tables:

php artisan migrate

Step 3: Sanctum Configuration

Add Middleware

Open app/Http/Kernel.php and update the api middleware group:

'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],

Modify User.php Model

Edit app/Models/User.php to include the Sanctum trait:

use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    // ...
}

Step 4: Create API Routes

Edit routes/api.php:

use App\Http\Controllers\API\RegisterController;

// Public routes
Route::controller(RegisterController::class)->group(function () {
    Route::post('register', 'register');
    Route::post('login', 'login');
});

// Protected routes
Route::middleware('auth:sanctum')->controller(RegisterController::class)->group(function () {
    Route::get('users', 'index')->name('index');
});

Step 5: Create Controller Files

Create a folder: app/Http/Controllers/API/ and then:

BaseController.php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;

class BaseController extends Controller
{
    public function sendResponse($result, $message)
    {
        return response()->json(['success' => true, 'data' => $result, 'message' => $message], 200);
    }

    public function sendError($error, $errorMessages = [], $code = 404)
    {
        $response = ['success' => false, 'message' => $error];
        if (!empty($errorMessages)) $response['data'] = $errorMessages;
        return response()->json($response, $code);
    }
}

RegisterController.php

namespace App\Http\Controllers\API;

use App\Http\Controllers\API\BaseController;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Validator;

class RegisterController extends BaseController
{
    public function index()
    {
        $users = User::all();
        return $this->sendResponse($users, 'Displaying all users data');
    }

    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required',
            'email' => 'required|email',
            'password' => 'required',
            'c_password' => 'required|same:password',
        ]);

        if ($validator->fails()) {
            return $this->sendError('Validation Error.', $validator->errors());
        }

        $input = $request->all();
        $input['password'] = bcrypt($input['password']);
        $user = User::create($input);

        $success['token'] = $user->createToken('MyApp')->plainTextToken;
        $success['name'] = $user->name;

        return $this->sendResponse($success, 'User registered successfully.');
    }

    public function login(Request $request)
    {
        if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
            $user = Auth::user();
            $success['token'] = $user->createToken('MyApp')->plainTextToken;
            $success['name'] = $user->name;

            return $this->sendResponse($success, 'User logged in successfully.');
        }

        return $this->sendError('Unauthorised.', ['error' => 'Unauthorised']);
    }
}

Step 6: Run the Laravel App

Start the Laravel development server:

php artisan serve

Your app will be running at http://localhost:8000.

Step 7: Test APIs Using Postman

Set Headers in Postman:

"headers": {
  "Accept": "application/json",
  "Authorization": "Bearer <access_token>"
}

API Endpoints:

ActionMethodEndpoint
RegisterPOSThttp://localhost:8000/api/register
LoginPOSThttp://localhost:8000/api/login
Get UsersGEThttp://localhost:8000/api/users

Note: Use the token from login response as the Bearer token for accessing protected routes.

Optional: Clone Project from GitLab

git clone https://gitlab.com/SoengSouy/hr_ms_laravel8.git
cd hr_ms_laravel8
composer install
cp .env.example .env
php artisan key:generate
php artisan migrate
php artisan serve
Tag
Souy Soeng

Souy Soeng

Hi there 👋, I’m Soeng Souy (StarCode Kh)
-------------------------------------------
🌱 I’m currently creating a sample Laravel and React Vue Livewire
👯 I’m looking to collaborate on open-source PHP & JavaScript projects
💬 Ask me about Laravel, MySQL, or Flutter
⚡ Fun fact: I love turning ☕️ into code!

Post a Comment

CAN FEEDBACK
close