Laravel 12 REST API Authentication with Passport
In this tutorial, you’ll learn how to build a secure REST API in Laravel 12 using Laravel Passport for token-based authentication. We’ll cover everything from installation to testing with Postman.
Prerequisites
Before starting, ensure you have the following:
Step 1: Install Laravel 12 Project
First, create a new Laravel project:
Step 2: Install Laravel Passport
Use Composer to install Passport:
Step 3: Install Passport
This will:
- Install the latest stable Laravel Passport (v12.4.2)
- Downgrade or upgrade conflicting dependencies (like league/oauth2-server) to compatible versions
- Resolve the illuminate/auth conflict automatically
Then run:
This will finally avoid the $keyPath error.
Step 4: Add HasApiTokens to the User Model
In app/Models/User.php, import and use the HasApiTokens trait:
Step 5: Update API Auth Guard
Open config/auth.php and update the api guard:
Step 6: Set Up Database
Edit the .env file and configure database details in it:
Step 7: Run Migrations
Run the default migrations, which also create Passport tables:
Step 8: Create API Routes
If the install:api command is available, run it in your terminal:
This will automatically generate API controllers, routes, and configurations, and may also install any
Step 9: Define API Routes
Open routes/api.php and define your auth routes:
Step 10: Create the AuthenticationController
Run the command to create a controller:
Step 11: Add Auth Logic in Controller
In app/Http/Controllers/API/AuthenticationController.php, add the following:
Step 12: Personal
To create a personal access client in Laravel, you can use the following Artisan command:
Step 13: Serve the Application
Step 14: Test Routes in Postman
Action | Method | URL | Auth Header |
---|---|---|---|
Register | POST | http://localhost:8000/api/register | - |
Login | POST | http://localhost:8000/api/login | - |
Get User | GET | http://localhost:8000/api/get-user | Bearer your_token |
Logout | POST | http://localhost:8000/api/logout | Bearer your_token |
Step 15: Test the API with Postman
Register
- Method: POST
- URL: http://localhost:8000/api/register
- Body (raw JSON):
Login
- Method: POST
- URL: http://localhost:8000/api/login
Access Protected Route
- Method: GET
- URL: http://localhost:8000/api/get-user
- Header: Authorization: Bearer YOUR_ACCESS_TOKEN
Logout
- Method: POST
- URL: http://localhost:8000/api/logout
- Header: Authorization: Bearer YOUR_ACCESS_TOKEN
Conclusion
You’ve successfully built a secure Laravel 12 REST API using Passport. You now have:
- User Registration
- Login with Access Token
- Authenticated API Routes
- Token-based Logout
Tips
- Store tokens securely on the client side (e.g., in HTTP-only cookies or secure storage).
- Use passport:client for password grant and other OAuth flows if needed.