Open in app

Sign in

Write

Sign in

Using Laravel Sanctum for API Authentication: A Guide with Examples

Bernard Sarfo Twumasi
2 min readApr 28, 2023

--

Laravel Sanctum is a lightweight package that provides an easy-to-use API authentication system for your Laravel applications. It is designed to help you secure your API endpoints without needing a full OAuth2 server. In this article, we’ll explore how to use Sanctum in Laravel with examples.

What is Laravel Sanctum?

Sanctum is a package that provides a featherweight authentication system for SPAs (single-page applications), mobile applications, and simple, token-based APIs. It is designed to help you secure your API endpoints without needing a full OAuth2 server.

Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities/scopes which specify which actions the tokens are allowed to perform.

Sanctum works by creating API tokens that are used to authenticate users. These tokens can be created and revoked programmatically, and they can be used to authenticate API requests.

How to use Laravel Sanctum?

To use Sanctum in Laravel, you need to install the package using Composer. Here’s how to do it:

composer require laravel/sanctum

Once you have installed Sanctum, you need to publish its configuration and migration files using the following Artisan command:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

This will publish a sanctum.php configuration file and a create_personal_access_tokens_table.php migration file.

To create an API token for a user, you can use the createToken() method provided by the HasApiTokens trait. Here's an example:

use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens;
}

With this trait added to your User model, you can create a token for a user like this:

$user = Auth::user();
$token = $user->createToken('token-name');

This will create a new token with the specified name and return a Laravel\Sanctum\PersonalAccessToken object.

You can then use this token to authenticate API requests by including it in the Authorization header of your requests:

Authorization: Bearer <token>

To protect your API endpoints using Sanctum, you can use the auth:sanctum middleware. Here's an example:

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

This route will only be accessible to authenticated users who have a valid Sanctum API token.

Conclusion

Laravel Sanctum is a lightweight and easy-to-use package that provides a simple API authentication system for your Laravel applications. With Sanctum, you can easily create and revoke API tokens, authenticate API requests, and protect your API endpoints. Whether you’re building a simple API or a complex web application, Sanctum is a powerful tool that can help you secure your application’s API endpoints.

Laravel
Laravel Sanctum
API

--

--

Bernard Sarfo Twumasi

Written by Bernard Sarfo Twumasi

3 Followers

I’m a multidisciplinary software developer and digital designer. I design and code beautifully simple things, and I love what I do.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams