Laravel 12 JWT Users Management API – Step by Step Guide

In this guide, we’ll create a Users Management API using Laravel 12, JWT authentication, and User CRUD operations.
We’ll also test everything step by step with Postman.

Step 1: User CRUD Controller

Generate controller:

php artisan make:controller Api/UserController

Edit app/Http/Controllers/Api/UserController.php:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;

class UserController extends Controller
{
    // List all users
    public function index()
    {
        return response()->json(User::all(), 200);
    }

    // Create user
    public function store(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users,email',
            'password' => 'required|string|min:6',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json($user, 201);
    }

    // Show user
    public function show($id)
    {
        return response()->json(User::findOrFail($id), 200);
    }

    // Update user
    public function update(Request $request, $id)
    {
        $user = User::findOrFail($id);

        // Ignore the user's own row when checking e-mail uniqueness
        $request->validate([
            'name' => 'sometimes|string|max:255',
            'email' => ['sometimes', 'email', Rule::unique('users')->ignore($user->id)],
            'password' => 'sometimes|string|min:6',
        ]);

        // Keep the stored value for any field the request omits
        $user->update([
            'name' => $request->name ?? $user->name,
            'email' => $request->email ?? $user->email,
            'password' => $request->password ? Hash::make($request->password) : $user->password,
        ]);

        return response()->json($user, 200);
    }

    // Delete user
    public function destroy($id)
    {
        User::findOrFail($id)->delete();

        return response()->json(['message' => 'User deleted successfully'], 200);
    }
}

Step 2: User Management Routes 

Method   URI           Action              Controller Method
GET      /users        List all users      index
POST     /users        Create a new user   store
GET      /users/{id}   Show a user         show
PUT      /users/{id}   Update a user       update
DELETE   /users/{id}   Delete a user       destroy

Step 3: Define API Routes

Edit routes/api.php:

<?php

use Illuminate\Support\Facades\Route;
// AuthController is not defined on this page; its import must match the case of the directory it lives in.
use App\Http\Controllers\API\AuthController;
// Matches the namespace declared in Step 1 (Api, not API); the case matters on case-sensitive filesystems.
use App\Http\Controllers\Api\UserController;

Route::prefix('auth')->group(function () {
    Route::post('register', [AuthController::class, 'register']);
    Route::post('login', [AuthController::class, 'login']);

    // These routes require a valid JWT
    Route::middleware('auth:api')->group(function () {
        Route::get('profile', [AuthController::class, 'profile']);
        Route::post('logout', [AuthController::class, 'logout']);
        Route::post('refresh', [AuthController::class, 'refresh']);
    });
});

Route::middleware('auth:api')->group(function () {
    Route::get('/users', [UserController::class, 'index']);           // List users
    Route::post('/users', [UserController::class, 'store']);          // Create user
    Route::get('/users/{id}', [UserController::class, 'show']);       // Show user
    Route::put('/users/{id}', [UserController::class, 'update']);     // Update user
    Route::delete('/users/{id}', [UserController::class, 'destroy']); // Delete user
});
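
The routes above only check that the caller holds a valid token, so any registered account can update or delete any other account. One way to add per-record authorization with a Laravel policy, as an added example that is not part of the original guide; the `is_admin` column is an assumption, not something this page defines:

```php
<?php
// app/Policies/UserPolicy.php
// Added example. `is_admin` is an assumed boolean column on the users table.

namespace App\Policies;

use App\Models\User;

class UserPolicy
{
    // GET /users: only admins may enumerate accounts.
    public function viewAny(User $actor): bool
    {
        return (bool) $actor->is_admin;
    }

    // POST /users: only admins may create accounts for other people.
    public function create(User $actor): bool
    {
        return (bool) $actor->is_admin;
    }

    // GET /users/{id}: owners see their own record, admins see any.
    public function view(User $actor, User $target): bool
    {
        return $actor->is_admin || $actor->is($target);
    }

    // PUT /users/{id}: same rule as view.
    public function update(User $actor, User $target): bool
    {
        return $actor->is_admin || $actor->is($target);
    }

    // DELETE /users/{id}: admins only, and never the account
    // they are currently signed in with.
    public function delete(User $actor, User $target): bool
    {
        return $actor->is_admin && ! $actor->is($target);
    }
}
```

In `UserController`, call `Gate::authorize('update', $user)` (from `Illuminate\Support\Facades\Gate`) right after `User::findOrFail($id)`, and `Gate::authorize('viewAny', User::class)` in `index()`. A denied check is returned to the client as HTTP 403.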

Step 4: Test with Postman

👉 Base URL: http://127.0.0.1:8000/api

1. Register User

POST /auth/register
Body (JSON):

{ "name": "StarCode Kh", "email": "starcodekh@example.com", "password": "password123" }

2. Login User

POST /auth/login
Body (JSON):

{ "email": "starcodekh@example.com", "password": "password123" }

Response:

{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOi..." }

Copy the token.

3. Get Profile

GET /auth/profile
Headers:

Authorization: Bearer {your_token}

4. Logout

POST /auth/logout
Headers:

Authorization: Bearer {your_token}

5. List Users

GET /users
Headers:

Authorization: Bearer {your_token}

6. Create User

POST /users
Headers:

Authorization: Bearer {your_token}

Body (JSON):

{ "name": "Soeng Souy", "email": "soengsouy@example.com", "password": "secret123" }

7. Show User

GET /users/2
Headers:

Authorization: Bearer {your_token}

8. Update User

PUT /users/2
Headers:

Authorization: Bearer {your_token}

Body (JSON):

{ "name": "StarCode Kh", "password": "newpassword123" }

9. Delete User

DELETE /users/2
Headers:

Authorization: Bearer {your_token}

✅ Conclusion

You now have:

  • JWT Authentication (register, login, profile, logout)

  • Full User CRUD (list, create, show, update, delete)

  • Complete Postman examples with request/response JSON

🚀 This is production-ready and can be extended with:

  • Password reset 🔑

  • Email verification 📧

  • User activity logs 📊

  • API rate limiting ⚡

Want the full source code?

Download the complete Laravel 12 JWT API Authentication example on my GitHub repo here.

Happy Coding!

Souy Soeng
