Laravel 12 JWT Users Management API – Step by Step Guide

In this guide, we’ll create a Users Management API using Laravel 12, JWT authentication, and User CRUD operations.
We’ll also test everything step by step with Postman.

Step 1: Install JWT Authentication

Run in your project root:

composer require tymon/jwt-auth

Publish the configuration:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

Generate a secret key:

php artisan jwt:secret

Step 2: Update User Model

Edit app/Models/User.php:

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject
{
    use Notifiable;

    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    // Attributes left out of JSON responses.
    protected $hidden = [
        'password',
    ];

    // Value stored in the token's "sub" claim (the user's primary key).
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    // Extra claims to add to every token; none here.
    public function getJWTCustomClaims()
    {
        return [];
    }
}

Step 3: Authentication Controller

Create the controller:

php artisan make:controller Api/AuthController

Update app/Http/Controllers/Api/AuthController.php:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Tymon\JWTAuth\Facades\JWTAuth;

class AuthController extends Controller
{
    // Register
    public function register(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users',
            'password' => 'required|string|min:6',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        $token = JWTAuth::fromUser($user);

        return response()->json(['user' => $user, 'token' => $token], 201);
    }

    // Login
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        // JWTAuth::attempt() returns the token string on success.
        // auth()->attempt() on Laravel's default session guard returns only true/false.
        if (! $token = JWTAuth::attempt($credentials)) {
            return response()->json(['error' => 'Invalid credentials'], 401);
        }

        return response()->json(['token' => $token], 200);
    }

    // Profile
    public function profile()
    {
        return response()->json(auth()->user());
    }

    // Logout
    public function logout()
    {
        // Blacklist the presented token so it cannot be used again.
        JWTAuth::parseToken()->invalidate();

        return response()->json(['message' => 'Successfully logged out']);
    }
}

Step 4: User CRUD Controller

Generate controller:

php artisan make:controller Api/UserController

Edit app/Http/Controllers/Api/UserController.php:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;

class UserController extends Controller
{
    // List all users
    public function index()
    {
        return response()->json(User::all(), 200);
    }

    // Create user
    public function store(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users,email',
            'password' => 'required|string|min:6',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json($user, 201);
    }

    // Show user
    public function show($id)
    {
        return response()->json(User::findOrFail($id), 200);
    }

    // Update user
    public function update(Request $request, $id)
    {
        $user = User::findOrFail($id);

        $request->validate([
            'name' => 'sometimes|string|max:255',
            'email' => ['sometimes', 'email', Rule::unique('users')->ignore($user->id)],
            'password' => 'sometimes|string|min:6',
        ]);

        $user->update([
            'name' => $request->name ?? $user->name,
            'email' => $request->email ?? $user->email,
            'password' => $request->password ? Hash::make($request->password) : $user->password,
        ]);

        return response()->json($user, 200);
    }

    // Delete user
    public function destroy($id)
    {
        User::findOrFail($id)->delete();

        return response()->json(['message' => 'User deleted successfully'], 200);
    }
}

Step 5: Define API Routes

Edit routes/api.php:

<?php

use App\Http\Controllers\Api\AuthController;
use App\Http\Controllers\Api\UserController;
use Illuminate\Support\Facades\Route;

// Public routes
Route::post('/auth/register', [AuthController::class, 'register']);
Route::post('/auth/login', [AuthController::class, 'login']);

// Routes that require a valid JWT
Route::group(['middleware' => 'jwt.auth'], function () {
    Route::get('/auth/profile', [AuthController::class, 'profile']);
    Route::post('/auth/logout', [AuthController::class, 'logout']);

    Route::get('/users', [UserController::class, 'index']);
    Route::post('/users', [UserController::class, 'store']);
    Route::get('/users/{id}', [UserController::class, 'show']);
    Route::put('/users/{id}', [UserController::class, 'update']);
    Route::delete('/users/{id}', [UserController::class, 'destroy']);
});

Step 6: Configure JWT Middleware

In app/Http/Kernel.php, add:

'jwt.auth' => \Tymon\JWTAuth\Http\Middleware\Authenticate::class,

Step 7: Test with Postman

👉 Base URL: http://127.0.0.1:8000/api

1. Register User

POST /auth/register
Body (JSON):

{ "name": "StarCode Kh", "email": "starcodekh@example.com", "password": "password123" }

2. Login User

POST /auth/login
Body (JSON):

{ "email": "starcodekh@example.com", "password": "password123" }

Response:

{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOi..." }

Copy the token.

3. Get Profile

GET /auth/profile
Headers:

Authorization: Bearer {your_token}

4. Logout

POST /auth/logout
Headers:

Authorization: Bearer {your_token}

5. List Users

GET /users
Headers:

Authorization: Bearer {your_token}

6. Create User

POST /users
Headers:

Authorization: Bearer {your_token}

Body (JSON):

{ "name": "Soeng Souy", "email": "soengsouy@example.com", "password": "secret123" }

7. Show User

GET /users/2
Headers:

Authorization: Bearer {your_token}

8. Update User

PUT /users/2
Headers:

Authorization: Bearer {your_token}

Body (JSON):

{ "name": "StarCode Kh", "password": "newpassword123" }

9. Delete User

DELETE /users/2
Headers:

Authorization: Bearer {your_token}
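
The Postman checks above can also be run as an automated Laravel feature test. This is an added example, not part of the original guide or its repository. It additionally checks that protected routes answer 401 without a token and that a token is rejected after logout. It assumes the default Laravel test setup (Tests\TestCase and a test database); the file path and the account data are constructed for illustration.

```php
<?php
// Added example, not from the original guide; hypothetical path tests/Feature/JwtAuthFlowTest.php

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class JwtAuthFlowTest extends TestCase
{
    use RefreshDatabase;

    // Constructed sample account that satisfies the Step 3 validation rules.
    private array $account = [
        'name' => 'Test User',
        'email' => 'test.user@example.com',
        'password' => 'password123',
    ];

    public function test_protected_routes_reject_requests_without_a_token(): void
    {
        $this->getJson('/api/auth/profile')->assertStatus(401);
        $this->getJson('/api/users')->assertStatus(401);
    }

    public function test_token_lifecycle_from_register_to_logout(): void
    {
        // Register: 201 with a token, and $hidden keeps the hash out of the JSON.
        $this->postJson('/api/auth/register', $this->account)
            ->assertStatus(201)
            ->assertJsonStructure(['user' => ['id', 'name', 'email'], 'token'])
            ->assertJsonMissingPath('user.password');

        $login = ['email' => $this->account['email'], 'password' => 'wrong-password'];
        $this->postJson('/api/auth/login', $login)->assertStatus(401);

        $login['password'] = $this->account['password'];
        $token = $this->postJson('/api/auth/login', $login)->assertStatus(200)->json('token');
        $this->assertIsString($token); // a boolean here means the guard issued no JWT

        $this->withToken($token)->getJson('/api/auth/profile')
            ->assertStatus(200)
            ->assertJsonPath('email', $this->account['email']);

        // After logout the same token must no longer be accepted.
        $this->withToken($token)->postJson('/api/auth/logout')->assertStatus(200);
        $this->withToken($token)->getJson('/api/auth/profile')->assertStatus(401);
    }
}
```

Run it with php artisan test; a failure on the last assertion means logout is not revoking the token.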

✅ Conclusion

You now have:

  • JWT Authentication (register, login, profile, logout)

  • Full User CRUD (list, create, show, update, delete)

  • Complete Postman examples with request/response JSON

🚀 This is production-ready and can be extended with:

  • Password reset 🔑

  • Email verification 📧

  • User activity logs 📊

  • API rate limiting ⚡

Want the full source code?

Download the complete Laravel 12 JWT API Authentication example on my GitHub repo here.

Happy Coding!

Souy Soeng
