Laravel 11 using Sanctum REST API Authentication Tutorial
Prerequisites
Ensure the following tools are installed:
- Git: Version control system. Download from git-scm.com.
- PHP: Laravel requires PHP 7.3 or higher. Check version with:
  php -v
- Composer: Dependency manager for PHP. Download from getcomposer.org.
- Web Server: Laravel includes a built-in server for development. For production, use Apache or Nginx.
- Database: Install a supported DBMS like MySQL, PostgreSQL, or SQLite.
- Postman: A tool for testing APIs. Download from postman.com.
Laravel Sanctum Setup
Step 1: Create a Laravel Project (if not already done)
composer create-project --prefer-dist laravel/laravel sanctum-auth-example
Step 2: Install Laravel Sanctum
composer require laravel/sanctum
Step 3: Configure Sanctum
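Update app/Models/User.php and add the HasApiTokens trait:
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    // HasApiTokens adds createToken() and the tokens() relation to the model
    use HasApiTokens, HasFactory, Notifiable;
    // ...
}
Also, implement your custom user ID logic inside the model’s boot() method.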
Step 4: Create the Users Table
Generate a migration:
php artisan make:migration create_user_table
Update the generated migration file to define the structure of the users, password_reset_tokens, and sessions tables.
Step 5: Configure Authentication Guard
Edit config/auth.php:
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],
Step 6: Configure Database
Update your .env file:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_db_name
DB_USERNAME=your_db_user
DB_PASSWORD=your_db_password
Step 7: Run Migrations
php artisan migrate
Step 8: Install Sanctum API Boilerplate
php artisan install:api
Step 9: Define API Routes
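In routes/api.php:
use App\Http\Controllers\API\AuthenticationController;
use Illuminate\Support\Facades\Route;

Route::controller(AuthenticationController::class)->group(function () {
    // Public endpoints
    Route::post("register", "register");
    Route::post("login", "login");
    // Token-protected endpoints: logout needs the authenticated token in order to revoke it
    Route::post("login/out", "logOut")->middleware("auth:api");
    Route::get("get-user", "userInfo")->middleware("auth:api");
});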
Step 10: Create Authentication Controller
php artisan make:controller API/AuthenticationController
Implement register, login, and userInfo methods using Laravel's validation, authentication, and token features.
Step 11: Start Development Server
php artisan serve
- Open Postman.
- Set the request type to POST.
- Enter http://yourdomain.com/api/register in the address bar (replace yourdomain.com with your actual domain).
- Go to the Body tab.
- Choose x-www-form-urlencoded and select JSON.
- Enter the user registration data in JSON format, including name, email, and password.
- Click on the Send button to register the user.
- Set the request type to POST.
- Enter the URL of your Laravel application followed by /api/login (e.g., http://yourdomain.com/api/login).
- Go to the Body tab.
- Select x-www-form-urlencoded and set the format to JSON.
- Enter the user’s credentials (email and password) in JSON format.
- Click on the Send button to log in. You will receive a token in the response if the login is successful.
- Set the request type to GET.
- Enter the URL of your Laravel application followed by /api/get-user (e.g., http://yourdomain.com/api/get-user).
- Go to the Headers tab.
- Add a new header with the key Authorization and the value Bearer <token>, where <token> is the token obtained during the login process.
- Click on the Send button to get the user information.