This is an example of a REST API using auth tokens with Laravel Sanctum
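```bash
composer create-project laravel/laravel laravel-sanctum-api
```

```ini
# root with an empty password only suits a throwaway local database;
# use a dedicated, least-privilege account everywhere else.
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=
```

```bash
php artisan make:migration create_products_table
```

../database/migrations/create_products_table.php

```php
...
public function up()
{
    Schema::create('products', function (Blueprint $table) {
        $table->id();
        $table->string('name');
        // ProductController validates and writes slug and price, so the table
        // needs matching columns. The column types are a suggested choice.
        $table->string('slug');
        $table->text('detail');
        $table->decimal('price', 8, 2);
        $table->timestamps();
    });
}
```

```bash
php artisan migrate
```

../app/Http/Kernel.php

```php
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
...
protected $middlewareGroups = [
    ...
    'api' => [
        // Only required when a first-party SPA authenticates with session cookies;
        // clients that send bearer tokens, as in this example, do not depend on it.
        EnsureFrontendRequestsAreStateful::class,
        // 60 requests per minute for the whole group. The login route shares this
        // budget; a tighter per-route limit there slows password guessing.
        'throttle:60,1',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];
...
```

```bash
php artisan make:seeder UsersTableSeeder
```

```php
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
...
...
// Demo account with a well-known password: seed it into local/test databases only.
DB::table('users')->insert([
    'name' => 'John Doe',
    'email' => 'john@doe.com',
    'password' => Hash::make('password'),
]);
```

```bash
php artisan db:seed --class=UsersTableSeeder
```

```bash
php artisan make:controller API/AuthController
php artisan make:controller API/ProductController
```

```php
<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

class AuthController extends Controller
{
    /**
     * Create a user account and issue its first API token.
     *
     * Responds 422 with the validation errors when the input is rejected,
     * otherwise 200 with the new user and the plain-text token.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string',
            'email' => 'required|string|email|unique:users,email',
            // The minimum length is a suggested baseline; align it with your password policy.
            'password' => 'required|string|min:8',
            'c_password' => 'required|same:password',
        ]);

        if ($validator->fails()) {
            // 422 (not 404): the route exists, the payload is what was rejected.
            return response()->json([
                'success' => false,
                'message' => 'Validation Error.',
                'data' => $validator->errors(),
            ], 422);
        }

        // Read only the fields that passed validation, never the raw request body.
        $fields = $validator->validated();

        $user = User::create([
            'name' => $fields['name'],
            'email' => $fields['email'],
            'password' => Hash::make($fields['password']),
        ]);

        // The plain-text value exists only at creation time (Sanctum stores a hash),
        // so it has to be returned here; otherwise the token is live but unusable.
        $token = $user->createToken('myapptoken')->plainTextToken;

        return response()->json([
            'success' => true,
            'message' => 'User register successfully.',
            'data' => [
                'user' => $user,
                'token' => $token,
            ],
        ], 200);
    }

    /**
     * Check the credentials and issue a new API token.
     *
     * Responds 422 when email or password is missing or malformed, 401 when the
     * credentials do not match, otherwise 200 with the token, name and email.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        // Reject missing or non-string credentials before they reach Hash::check().
        $validator = Validator::make($request->all(), [
            'email' => 'required|string|email',
            'password' => 'required|string',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'success' => false,
                'message' => 'Validation Error.',
                'data' => $validator->errors(),
            ], 422);
        }

        $user = User::where('email', $request->email)->first();

        // One answer for "unknown email" and "wrong password", so the response
        // does not reveal which accounts exist. 401 is the status for failed auth.
        if (!$user || !Hash::check($request->password, $user->password)) {
            return response()->json([
                'success' => false,
                'message' => 'Unauthorised.',
            ], 401);
        }

        // Every login mints an additional token. Tokens do not expire unless
        // Sanctum's `expiration` option is configured.
        $result = [
            'token' => $user->createToken('my-app-token')->plainTextToken,
            'name' => $user->name,
            'email' => $user->email,
        ];

        return response()->json([
            'success' => true,
            'message' => 'User login successfully.',
            'data' => $result,
        ], 200);
    }

    /**
     * Revoke every API token of the authenticated user.
     *
     * This signs the user out on all devices. To revoke only the token used
     * for this request, delete $request->user()->currentAccessToken() instead.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout(Request $request)
    {
        auth()->user()->tokens()->delete();

        return response()->json([
            'success' => true,
            'message' => 'User Logged Out.',
            'data' => [],
        ], 200);
    }
}
```

```json
{
    "user": {
        "id": 1,
        "name": "John Doe",
        "email": "john@doe.com",
        "email_verified_at": null,
        "created_at": null,
        "updated_at": null
    },
    "token": "AbQzDgXa..."
}
```

```php
<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\Product;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;

class ProductController extends Controller
{
    /**
     * List all products.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function index()
    {
        $products = Product::all();

        return response()->json([
            'success' => true,
            'message' => 'Products retrieved successfully.',
            'data' => $products,
        ], 200);
    }

    /**
     * Create a product from the validated request fields.
     *
     * validate() throws on bad input; for requests that ask for JSON, Laravel
     * turns that into a 422 response carrying the error messages.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function store(Request $request)
    {
        $validated = $request->validate([
            'name' => 'required|string',
            'detail' => 'required|string',
            'slug' => 'required|string',
            'price' => 'required|numeric',
        ]);

        // Pass only the validated fields to create(), not $request->all(): extra
        // keys sent by the client must not be mass-assigned onto the model.
        // NOTE(review): the Product model is not shown on this page; presumably it
        // lists these attributes in $fillable. Confirm.
        $product = Product::create($validated);

        return response()->json([
            'success' => true,
            'message' => 'Product created successfully.',
            'data' => $product,
        ], 201);
    }

    /**
     * Return a single product, or 404 when the id is unknown.
     *
     * @param  mixed  $id
     * @return \Illuminate\Http\JsonResponse
     */
    public function show($id)
    {
        $product = Product::find($id);

        if (is_null($product)) {
            return response()->json([
                'success' => false,
                'message' => 'Product not found.',
                'data' => [],
            ], 404);
        }

        return response()->json([
            'success' => true,
            'message' => 'Product retrieved successfully..',
            'data' => $product,
        ], 200);
    }

    /**
     * Update name, detail and price of an existing product.
     *
     * Responds 422 on invalid input and 404 when the id is unknown.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed  $id
     * @return \Illuminate\Http\JsonResponse
     */
    public function update(Request $request, $id)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string',
            'detail' => 'required|string',
            'price' => 'required|numeric',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'success' => false,
                'message' => 'Validation Error.',
                'data' => $validator->errors(),
            ], 422);
        }

        $product = Product::find($id);

        // find() returns null for an unknown id; without this guard the
        // assignments below fail with an error instead of a clean 404.
        if (is_null($product)) {
            return response()->json([
                'success' => false,
                'message' => 'Product not found.',
                'data' => [],
            ], 404);
        }

        $input = $validator->validated();

        $product->name = $input['name'];
        $product->detail = $input['detail'];
        $product->price = $input['price'];
        $product->save();

        return response()->json([
            'success' => true,
            'message' => 'Product updatedd successfully..',
            'data' => $product,
        ], 200);
    }

    /**
     * Delete a product, or respond 404 when the id is unknown.
     *
     * @param  mixed  $id
     * @return \Illuminate\Http\JsonResponse
     */
    public function destroy($id)
    {
        // destroy() returns the number of deleted rows; 0 means nothing matched.
        if (Product::destroy($id) === 0) {
            return response()->json([
                'success' => false,
                'message' => 'Product not found.',
                'data' => [],
            ], 404);
        }

        return response()->json([
            'success' => true,
            'message' => 'Product deleted successfully..',
            'data' => [],
        ], 200);
    }
}
```

```php
use App\Http\Controllers\API\AuthController;
use App\Http\Controllers\API\ProductController;
use Illuminate\Support\Facades\Route;

// Public routes. The login route points at AuthController::login, the login
// action defined above.
Route::post('login', [AuthController::class, 'login']);
Route::post('register', [AuthController::class, 'register']);
Route::get('products', [ProductController::class, 'index']);
Route::get('product/{id}', [ProductController::class, 'show']);

Route::group(['middleware' => 'auth:sanctum'], function () {
    // All secure URL's: every route that changes data, plus logout, sits behind
    // the token check.
    Route::post('product', [ProductController::class, 'store']);
    Route::put('product/{id}', [ProductController::class, 'update']);
    Route::delete('product/{id}', [ProductController::class, 'destroy']);
    Route::post('logout', [AuthController::class, 'logout']);
});
```

```text
# Public
GET     /api/products
GET     /api/product/:id
POST    /api/login
   @body: email, password
POST    /api/register
   @body: name, email, password, c_password

# Protected
POST    /api/product
   @body: name, slug, detail, price
PUT     /api/product/:id
   @body: name, detail, price
DELETE  /api/product/:id
POST    /api/logout
```

For protected endpoints (i.e. after login, such as the PUT/POST calls), make sure the request carries the following headers:

```php
'headers' => [
    // Ask for JSON so validation and authentication failures come back as JSON responses.
    'Accept' => 'application/json',
    // $accessToken is the token returned by the login call.
    'Authorization' => 'Bearer ' . $accessToken,
]
```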