Laravel 11 using Sanctum REST API Authentication Tutorial

Laravel 11 using Sanctum REST API Authentication Tutorial

In Laravel 11, the Sanctum Auth package allows users to create a Login and register a REST API by token-based authentication.

Let’s start installing and configuring Passport auth to create token-based authentication:

Prerequisites

Ensure the following tools are installed:

• Git: Version control system. Download from git-scm.com.

• PHP: Laravel requires PHP 7.3 or higher. Check version with:

  php -v
  

• Composer: Dependency manager for PHP. Download from getcomposer.org.

• Web Server: Laravel includes a built-in server for development. For production, use Apache or Nginx.

• Database: Install a supported DBMS like MySQL, PostgreSQL, or SQLite.

• Postman: A Tool for Testing APIs. Download from postman.com.

Laravel Sanctum Setup

Step 1: Create a Laravel Project (if not already done)

composer create-project --prefer-dist laravel/laravel sanctum-auth-example

Step 2: Install Laravel Sanctum

composer require laravel/sanctum

Step 3: Configure Sanctum

Update app/Models/User.php and add the HasApiTokens trait:

use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    // ...
}

Also, implement your custom user ID logic inside the model’s boot() method.

Step 4: Create the Users Table

Generate a migration:

php artisan make:migration create_user_table

Update the generated migration file to define the structure of the users, password_reset_tokens, and sessions tables.

Step 5: Configure Authentication Guard

Edit config/auth.php:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],

Step 6: Configure Database

Update your .env file:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_db_name
DB_USERNAME=your_db_user
DB_PASSWORD=your_db_password

Step 7: Run Migrations

php artisan migrate

Step 8: Install Sanctum API Boilerplate

php artisan install:api

Step 9: Define API Routes

In routes/api.php:

use App\Http\Controllers\API\AuthenticationController;

Route::controller(AuthenticationController::class)->group(function () {
    Route::post("register", "register");
    Route::post("login", "login");
    Route::post("login/out", "logOut");
    Route::get("get-user", "userInfo")->middleware("auth:api");
});

Step 10: Create Authentication Controller

php artisan make:controller API/AuthenticationController

Implement register, login, and userInfo methods using Laravel's validation, authentication, and token features.

Step 11: Start Development Server

php artisan serve

Open the Postman application and call these API for testing:

Open the Postman application and call these API for testing:

* Register a User:

1. Open Postman.
2. Set the request type to POST.
3. Enter http://yourdomain.com/api/register in the address bar (replace yourdomain.com with your actual domain).
4. Go to the Body tab.
5. Choose x-www-form-urlencoded and select JSON.
6. Enter the user registration data in JSON format, including name, email, and password.
7. Click on the Send button to register the user.

* Login:

1. Set the request type to POST.
2. Enter the URL of your Laravel application followed by /api/login (e.g., http://yourdomain.com/api/login).
3. Go to the Body tab.
4. Select x-www-form-urlencoded and set the format to JSON.
5. Enter the user’s credentials (email and password) in JSON format.
6. Click on the Send button to log in. You will receive a token in the response if the login is successful.

* Get User Info:

1. Set the request type to GET.
2. Enter the URL of your Laravel application followed by /api/get-user (e.g., http://yourdomain.com/api/get-user).
3. Go to the Headers tab.
4. Add a new header with the key Authorization and the value, where <token> the token is obtained during the login process.
5. Click on the Send button to get the user information.

Click to Download Project