Laravel 9 REST API with Passport Authentication Tutorial
Filter

Laravel 9 REST API with Passport Authentication Tutorial

by Souy Soeng /
Share

Laravel 9 REST API with Passport Authentication

Step 1: Install Laravel 9 App

composer create-project laravel/laravel example_api_passport

Step 2: Configure the Database

Edit .env and update the DB credentials:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=example_api_db
DB_USERNAME=root
DB_PASSWORD=

Step 3: Install Passport

Install Laravel Passport:

composer require laravel/passport

Then run:

php artisan migrate
php artisan passport:install

Step 4: Configure Passport

app/Models/User.php – Replace HasApiTokens from Sanctum with Passport’s version:

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    ...
}

config/auth.php – Set Passport as the API driver:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

App\Providers\AuthServiceProvider.php – Register Passport routes:

use Laravel\Passport\Passport;

public function boot()
{
    $this->registerPolicies();
    Passport::routes();
}

Step 5: Create API Routes

routes/api.php

use App\Http\Controllers\API\RegisterController;
use App\Http\Controllers\API\ProductController;

Route::post('register', [RegisterController::class, 'register']);
Route::post('login', [RegisterController::class, 'login']);

Route::middleware('auth:api')->group(function () {
    Route::resource('products', ProductController::class);
});

Step 6: Create Controller Files

Create a folder: app/Http/Controllers/API

BaseController

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;

class BaseController extends Controller
{
    public function sendResponse($result, $message)
    {
        return response()->json([
            'success' => true,
            'data' => $result,
            'message' => $message,
        ], 200);
    }

    public function sendError($error, $errorMessages = [], $code = 404)
    {
        return response()->json([
            'success' => false,
            'message' => $error,
            'data' => $errorMessages
        ], $code);
    }
}

RegisterController

namespace App\Http\Controllers\API;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;

class RegisterController extends BaseController
{
    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required',
            'email' => 'required|email',
            'password' => 'required',
            'c_password' => 'required|same:password',
        ]);

        if ($validator->fails()) {
            return $this->sendError('Validation Error.', $validator->errors());
        }

        $input = $request->all();
        $input['password'] = bcrypt($input['password']);
        $user = User::create($input);
        $success['token'] = $user->createToken('MyApp')->accessToken;
        $success['name'] = $user->name;

        return $this->sendResponse($success, 'User registered successfully.');
    }

    public function login(Request $request)
    {
        if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
            $user = Auth::user();
            $success['token'] = $user->createToken('MyApp')->accessToken;
            $success['name'] = $user->name;

            return $this->sendResponse($success, 'User logged in successfully.');
        } else {
            return $this->sendError('Unauthorized.', ['error' => 'Unauthorized']);
        }
    }
}

Step 7: Run Laravel Server

php artisan serve

Step 8: Test with Postman

Use these headers for protected API routes:

Accept: application/json
Authorization: Bearer {access_token}

POST http://localhost:8000/api/register

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "123456",
  "c_password": "123456"
}

POST http://localhost:8000/api/login

{
  "email": "john@example.com",
  "password": "123456"
}

GET/POST/PUT/DELETE http://localhost:8000/api/products (use Bearer token)

Tag
Souy Soeng

Souy Soeng

Our website teaches and reads PHP, Framework Laravel, and how to download Admin template sample source code free. Thank you for being so supportive!

Github

Post a Comment

CAN FEEDBACK
close