Laravel Sanctum authentication tutorial; In this tutorial, we will share how to create or build a secure PHP RESTful API in Laravel application with the help of the Laravel sanctum package.
Likewise, we will explain to you step by step how to test the Laravel Sanctum authentication REST API using the Postman testing tool.
Laravel Sanctum offers an immaculate, secure, blazingly fast, lightweight authentication system for single-page applications (SPA), mobile applications, and simple, token-based APIs.
Sanctum is a profound package that allows every user to generate multiple API tokens for their account independently. These tokens grant various roles and scopes that designate which actions the tokens are entitled to perform.
So, let’s start creating the sanctum rest api in the laravel application without getting into theories.
Laravel 9 Sanctum Auth REST API Example
Here are the instructions going toward building an uncomplicated, secure restful api in the laravel app.
- Step 1: Create Laravel Project
- Step 2: Add Database Details
- Step 3: Install Laravel Sanctum Pacakage
- Step 4: Setting Up Sanctum
- Step 5: Update Model and Run Migration
- Step 6: Build API Resources
- Step 7: Set Up Controllers
- Step 8: Create REST API Routes
- Step 09: Test REST API in Postman
Create Laravel Project
You have to open the terminal, add the following command to create a Laravel project. But, ensure you have composer installed on your system.
composer create-project --prefer-dist laravel/laravel laravel-sanctum-authAdd Database Details in ENV
You have to add the database details into the .env configuration file to communicate between the laravel and mysql database.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=db_name
DB_USERNAME=root
DB_PASSWORD=If you are using MAMP local server in macOs; make sure to append UNIX_SOCKET and DB_SOCKET below database credentials in .env file.
UNIX_SOCKET=/Applications/MAMP/tmp/mysql/mysql.sock
DB_SOCKET=/Applications/MAMP/tmp/mysql/mysql.sockInstall Laravel Sanctum Pacakage
Type the composer command on the terminal console and execute it to begin installing the sanctum package into the laravel app.
composer require laravel/sanctumSetting Up Sanctum
Sanctum library has been added to laravel, and now you need to add the sanctum provider. Consequently, publish sanctum configuration with the help of vendor publish.
php artisan vendor:publish --provider="LaravelSanctumSanctumServiceProvider"Thereafter, register the sanctum middleware into the api array inside the app/Http/Kernel.php file
protected $middlewareGroups = [
...
...
'api' => [
LaravelSanctumHttpMiddlewareEnsureFrontendRequestsAreStateful::class,
'throttle:api',
IlluminateRoutingMiddlewareSubstituteBindings::class,
],
...
...
];Execute the following command to run migration; similarly later within the database we will generate a sanctum table to handle auth information.
php artisan migrateSubsequently, we have to make the sanctum configuration ready for the laravel auth project. Consequently, add the sanctum HasApiTokens class into the app/Models/User.php file.
namespace AppModels;
use IlluminateContractsAuthMustVerifyEmail;
use IlluminateDatabaseEloquentFactoriesHasFactory;
use IlluminateFoundationAuthUser as Authenticatable;
use IlluminateNotificationsNotifiable;
use LaravelSanctumHasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
protected $fillable = [
'name',
'email',
'password',
];
protected $hidden = [
'password',
'remember_token',
];
protected $casts = [
'email_verified_at' => 'datetime',
];
}Update Model and Run Migration
Use php artisan command to create a new blog migration table, type command on terminal and execute it to generate a new migration file.
php artisan make:migration create_blogs_tableYou have to add few properties into the migration file, so open and add code into the database/migrations/create_blogs_table.php file.
use IlluminateDatabaseMigrationsMigration;
use IlluminateDatabaseSchemaBlueprint;
use IlluminateSupportFacadesSchema;
class CreateBlogsTable extends Migration
{
public function up()
{
Schema::create('blogs', function (Blueprint $table) {
$table->id();
$table->string('title');
$table->text('description');
$table->timestamps();
});
}
public function down()
{
Schema::dropIfExists('blogs');
}
}Next, create an app/Models/Blog.php file and register product migration properties inside the $fillable array.
namespace AppModels;
use IlluminateDatabaseEloquentFactoriesHasFactory;
use IlluminateDatabaseEloquentModel;
class Blog extends Model
{
use HasFactory;
protected $fillable = [
'title',
'description'
];
}Run recommended command to run database migration:
php artisan migrateBuild API Resources
We are taking the help of laravel’s eloquent api resources. It allows you to manage a similar response as your model has; for instance, we will use BlogController, which will match the properties of the Blog model.
Execute command to generate Blog eloquent api resources.
php artisan make:resource BlogPlace the suggested code into the app/Http/Resources/Blog.php
file:
namespace AppHttpResources;
use IlluminateHttpResourcesJsonJsonResource;
class Blog extends JsonResource
{
public function toArray($request)
{
return [
'id' => $this->id,
'title' => $this->title,
'description' => $this->description,
'created_at' => $this->created_at->format('m/d/Y'),
'updated_at' => $this->updated_at->format('m/d/Y'),
];
}
}Setting Up Controllers
Next, we need to create three controllers to handle the auth process; first, create an API directory into the Controllers folder; after that, create three files simultaneously within the folder name them AuthController, BaseController and BlogController.
These files will individually handle login, signup and blogs crud operations.
Subsequently, add the code in the app/Http/Controllers/API/BaseController.php file:
namespace AppHttpControllersAPI;
use IlluminateHttpRequest;
use AppHttpControllersController as Controller;
class BaseController extends Controller
{
public function sendResponse($result, $message)
{
$response = [
'success' => true,
'data' => $result,
'message' => $message,
];
return response()->json($response, 200);
}
public function sendError($error, $errorMessages = [], $code = 404)
{
$response = [
'success' => false,
'message' => $error,
];
if(!empty($errorMessages)){
$response['data'] = $errorMessages;
}
return response()->json($response, $code);
}
}Open and place all the suggested code into the app/Http/Controllers/API/AuthController.php file, it will amplify the user registration and signin process:
namespace AppHttpControllersAPI;
use IlluminateHttpRequest;
use AppHttpControllersAPIBaseController as BaseController;
use IlluminateSupportFacadesAuth;
use Validator;
use AppModelsUser;
class AuthController extends BaseController
{
public function signin(Request $request)
{
if(Auth::attempt(['email' => $request->email, 'password' => $request->password])){
$authUser = Auth::user();
$success['token'] = $authUser->createToken('MyAuthApp')->plainTextToken;
$success['name'] = $authUser->name;
return $this->sendResponse($success, 'User signed in');
}
else{
return $this->sendError('Unauthorised.', ['error'=>'Unauthorised']);
}
}
public function signup(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
'confirm_password' => 'required|same:password',
]);
if($validator->fails()){
return $this->sendError('Error validation', $validator->errors());
}
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$success['token'] = $user->createToken('MyAuthApp')->plainTextToken;
$success['name'] = $user->name;
return $this->sendResponse($success, 'User created successfully.');
}
}Head over to the app/Http/Controllers/API/BlogController.php file and insert the CRUD operations code into it:
namespace AppHttpControllersAPI;
use IlluminateHttpRequest;
use AppHttpControllersAPIBaseController as BaseController;
use Validator;
use AppModelsBlog;
use AppHttpResourcesBlog as BlogResource;
class BlogController extends BaseController
{
public function index()
{
$blogs = Blog::all();
return $this->sendResponse(BlogResource::collection($blogs), 'Posts fetched.');
}
public function store(Request $request)
{
$input = $request->all();
$validator = Validator::make($input, [
'title' => 'required',
'description' => 'required'
]);
if($validator->fails()){
return $this->sendError($validator->errors());
}
$blog = Blog::create($input);
return $this->sendResponse(new BlogResource($blog), 'Post created.');
}
public function show($id)
{
$blog = Blog::find($id);
if (is_null($blog)) {
return $this->sendError('Post does not exist.');
}
return $this->sendResponse(new BlogResource($blog), 'Post fetched.');
}
public function update(Request $request, Blog $blog)
{
$input = $request->all();
$validator = Validator::make($input, [
'title' => 'required',
'description' => 'required'
]);
if($validator->fails()){
return $this->sendError($validator->errors());
}
$blog->title = $input['title'];
$blog->description = $input['description'];
$blog->save();
return $this->sendResponse(new BlogResource($blog), 'Post updated.');
}
public function destroy(Blog $blog)
{
$blog->delete();
return $this->sendResponse([], 'Post deleted.');
}
}Create REST API Routes
You need to use controllers to build sanctum auth api routes; we have defined the login, register post methods and resources to create auth api collectively.
Open and insert code into routes/api.php file:
use IlluminateHttpRequest;
use IlluminateSupportFacadesRoute;
use AppHttpControllersAPIAuthController;
use AppHttpControllersAPIBlogController;
Route::post('login', [AuthController::class, 'signin']);
Route::post('register', [AuthController::class, 'signup']);
Route::middleware('auth:sanctum')->group( function () {
Route::resource('blogs', BlogController::class);
});Test Sanctum REST API in Postman
We have created the REST API using sanctum auth; further you need to start the laravel development server with the help of the php artisan command:
php artisan serveWith the help of Postman, we will test the Laravel Sanctum authentication APIs:
Test Register REST API
Open the Postman app, select the Post method from the dropdown. Enter the route or URL in the address bar, select the Body section, enter name, email, password and confirm the password and click on send to create a user using laravel sanctum auth api.
http://localhost:8000/api/register
Test Login API
Add the following URL in the postman address bar, switch the method to GET, enter email and password and click on send to login a user.
http://localhost:8000/api/login
Set Authorization Token
Get into the Postman app’s Authorization tab, select ‘Bearer Token’ from the Type dropdown, then add the auth token that you got when logged into the app.
Create Post with Sanctum API
Add the following URL in the postman address bar, switch the method to POST, enter title and description then click to create a post and store into the database.
http://localhost:8000/api/blogs
Get Single Post
You can now see how to fetch single post using the post id and rest api, use the given below url:
http://localhost:8000/api/blogs/{id}
Fetch All Posts
You can fetch all the posts at once, hence use the following REST API with GET method to get all the records.
http://localhost:8000/api/blogs
Update Post
Update a post using sanctum auth restful api, add the following route with Put method to update a single record into the database.
http://localhost:8000/api/blogs/{id}
Delete Record
To delete a record set the method to delete and use the following url:
http://localhost:8000/api/blogs/{id}
Conclusion
The Laravel Sanctum authentication tutorial is over; throughout this detailed guide, you explored bit by bit how to create and test authentication REST API in laravel with the help of Sanctum auth package and Postman api testing tool.
When it comes to security, flexibility, and ease of use, there is nothing better than Sanctum auth api.
You may also take the help of Laravel sanctum auth API to add authentication in your next laravel project. We assume you liked this comprehensive example, so don’t forget to share it with others.
Also, You may download the complete code from GitHub.