Laravel 9 REST API with Passport Authentication Tutorial
Filter

Laravel 9 REST API with Passport Authentication Tutorial

by Souy Soeng /
Share

Laravel 9 REST API with Passport Authentication

Step 1: Install Laravel 9 App

composer create-project laravel/laravel example_api_passport

Step 2: Configure the Database

Edit .env and update the DB credentials:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=example_api_db
DB_USERNAME=root
DB_PASSWORD=

Step 3: Install Passport

Install Laravel Passport:

composer require laravel/passport

Then run:

php artisan migrate
php artisan passport:install

Step 4: Configure Passport

app/Models/User.php – Replace HasApiTokens from Sanctum with Passport’s version:

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    ...
}

config/auth.php – Set Passport as the API driver:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

App\Providers\AuthServiceProvider.php – Register Passport routes:

use Laravel\Passport\Passport;

public function boot()
{
    $this->registerPolicies();
    Passport::routes();
}

Step 5: Create API Routes

routes/api.php

use App\Http\Controllers\API\RegisterController;
use App\Http\Controllers\API\ProductController;

Route::post('register', [RegisterController::class, 'register']);
Route::post('login', [RegisterController::class, 'login']);

Route::middleware('auth:api')->group(function () {
    Route::resource('products', ProductController::class);
});

Step 6: Create Controller Files

Create a folder: app/Http/Controllers/API

BaseController

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;

class BaseController extends Controller
{
    public function sendResponse($result, $message)
    {
        return response()->json([
            'success' => true,
            'data' => $result,
            'message' => $message,
        ], 200);
    }

    public function sendError($error, $errorMessages = [], $code = 404)
    {
        return response()->json([
            'success' => false,
            'message' => $error,
            'data' => $errorMessages
        ], $code);
    }
}

RegisterController

namespace App\Http\Controllers\API;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;

class RegisterController extends BaseController
{
    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required',
            'email' => 'required|email',
            'password' => 'required',
            'c_password' => 'required|same:password',
        ]);

        if ($validator->fails()) {
            return $this->sendError('Validation Error.', $validator->errors());
        }

        $input = $request->all();
        $input['password'] = bcrypt($input['password']);
        $user = User::create($input);
        $success['token'] = $user->createToken('MyApp')->accessToken;
        $success['name'] = $user->name;

        return $this->sendResponse($success, 'User registered successfully.');
    }

    public function login(Request $request)
    {
        if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
            $user = Auth::user();
            $success['token'] = $user->createToken('MyApp')->accessToken;
            $success['name'] = $user->name;

            return $this->sendResponse($success, 'User logged in successfully.');
        } else {
            return $this->sendError('Unauthorized.', ['error' => 'Unauthorized']);
        }
    }
}

Step 7: Run Laravel Server

php artisan serve

Step 8: Test with Postman

Use these headers for protected API routes:

Accept: application/json
Authorization: Bearer {access_token}

POST http://localhost:8000/api/register

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "123456",
  "c_password": "123456"
}

POST http://localhost:8000/api/login

{
  "email": "john@example.com",
  "password": "123456"
}

GET/POST/PUT/DELETE http://localhost:8000/api/products (use Bearer token)

Tag
Souy Soeng

Souy Soeng

Hi there 👋, I’m Soeng Souy (StarCode Kh)
-------------------------------------------
🌱 I’m currently creating a sample Laravel and React Vue Livewire
👯 I’m looking to collaborate on open-source PHP & JavaScript projects
💬 Ask me about Laravel, MySQL, or Flutter
⚡ Fun fact: I love turning ☕️ into code!

Post a Comment

CAN FEEDBACK
close