An API without authentication is like a house without a door. So, let's secure our API by adding an authentication system to it:
- Set up Sanctum Middleware
- Create a User Registration API
- Create a User Login API
Let's get secure!
Setting Up Authentication Middleware
Let's start by securing our API endpoint with a Middleware:
routes/api.php
// ...

Route::group(['middleware' => 'auth:sanctum'], function () {
    Route::apiResource('categories', CategoryController::class);
    Route::apiResource('transactions', TransactionController::class);
});
Now, we can immediately try to make an API request using Postman:
This is good: without a token, the request is rejected as unauthenticated. However, we still need to create a user registration and login API so our users can obtain tokens.
Registering our First User
So, let's create a way to register a new user. For this, we need a new Controller:
php artisan make:controller Api/AuthController
In there, let's add a new method to register a user:
app/Http/Controllers/Api/AuthController.php
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;

// ...

public function register(Request $request): string
{
    $request->validate([
        'name' => 'required|string|max:255',
        'email' => 'required|string|email|max:255|unique:users',
        'password' => ['required', 'confirmed', Password::defaults()],
        'device_name' => 'required',
    ]);

    $user = User::create([
        'name' => $request->name,
        'email' => $request->email,
        'password' => Hash::make($request->password),
    ]);

    return $user->createToken($request->device_name)->plainTextToken;
}
As you can see, we are doing basic validation, creating the user with a hashed password, and returning a plain-text Sanctum token for the given device name...
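To check that the middleware and the register method behave as intended, here is an added feature test (example code, not part of the original tutorial). It assumes the register method is exposed at POST /api/register and that CategoryController has a working index action; the input values are constructed for the test.

```php
<?php
// tests/Feature/AuthApiTest.php (added example; route name /api/register is an assumption)
namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthApiTest extends TestCase
{
    use RefreshDatabase;

    // The auth:sanctum group must turn away requests that carry no token.
    public function test_protected_routes_reject_unauthenticated_requests(): void
    {
        $this->getJson('/api/categories')->assertStatus(401);
    }

    // A valid registration returns a token that then authenticates API calls.
    public function test_register_returns_token_that_authenticates(): void
    {
        $payload = [
            'name' => 'Test User',                      // constructed sample input
            'email' => 'test@example.com',
            'password' => 'Str0ngPassword!',
            'password_confirmation' => 'Str0ngPassword!',
            'device_name' => 'phpunit',
        ];
        $response = $this->postJson('/api/register', $payload)->assertOk();
        $token = $response->getContent();

        // The user exists and the password is stored hashed, never in clear text.
        $this->assertDatabaseHas('users', ['email' => 'test@example.com']);
        $this->assertNotEquals('Str0ngPassword!', User::firstWhere('email', 'test@example.com')->password);

        // The issued bearer token unlocks the protected resource.
        $this->withToken($token)->getJson('/api/categories')->assertOk();
    }

    // Password::defaults() (min 8 chars) and 'confirmed' must both be enforced.
    public function test_register_rejects_weak_or_mismatched_passwords(): void
    {
        $this->postJson('/api/register', [
            'name' => 'Test User',
            'email' => 'test@example.com',
            'password' => 'short',
            'password_confirmation' => 'different',
            'device_name' => 'phpunit',
        ])->assertStatus(422)->assertJsonValidationErrors(['password']);
    }
}
```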