A robust Laravel API starter template with built-in authentication, standardized JSON responses, and extendable controllers using reusable traits. Ideal for quickly bootstrapping secure and maintainable RESTful APIs.

Author: Mikiyas Birhanu
GitHub: @codewithmikee
Repo: github.com/codewithmikee/laravel-backend-starter-template

API documentation and collections (Postman, Swagger/OpenAPI) are stored in the docs/ folder at the project root.

• Postman Collection:

  • File: docs/postman_collection.json
  • Import this file into Postman to test all API endpoints quickly.
  • Includes example requests for registration, login, and profile fetch.

• Swagger/OpenAPI Spec:

  • File: docs/swagger.yaml
  • Use with Swagger UI, Redoc, or compatible tools for interactive API docs and code generation.
  • Describes all endpoints, request/response formats, and authentication requirements.

• Sanctum Authentication: Ready-to-use JWT-like token-based auth.
• Standardized Responses: Consistent JSON success/error formats via traits.
• Pre-configured Error Handling: Automatic exceptions for:
  • Validation (422)
  • Authorization (403)
  • Rate Limiting (429)
  • Model/Route Not Found (404)
• Extendable Base Controllers: Simplify CRUD operations with:
  • BaseApiController (General APIs)
  • ProtectedApiController (Auth-required endpoints)
• Reusable Controller Traits:
  • HandlesApiResponse: Standardizes API responses
  • HandlesValidation: Centralizes validation logic
  • HandlesAuth: Authenticated user and authorization helpers
• Middleware: Ensures all responses are JSON-formatted.

git clone https://github.com/codewithmikee/laravel-backend-starter-template.git cd laravel-backend-starter-template cp .env.example .env composer install php artisan key:generate

Update .env with your database credentials:

DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=laravel DB_USERNAME=root DB_PASSWORD=

php artisan migrate

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Register
POST /api/auth/register

{ "name": "John Doe", "email": "john@example.com", "password": "secret123" }

Login
POST /api/auth/login

{ "email": "john@example.com", "password": "secret123", "device_name": "iPhone" }

Profile (Protected)
GET /api/profile
Header: Authorization: Bearer <token>

use App\Http\Controllers\Api\ProtectedApiController; class UserController extends ProtectedApiController { public function index() { return $this->handleRequest( fn() => User::all(), $this->request, 'Users fetched successfully' ); } }

use App\Http\Controllers\Concerns\HandlesApiResponse; class CustomController extends Controller { use HandlesApiResponse; // ... }

Throw errors directly in controllers:

$this->respondError('Resource not found', 404);

Success

{ "success": true, "message": "Profile fetched successfully", "data": { "name": "John", "email": "john@example.com" }, "errors": null }

Error

{ "success": false, "message": "Unauthorized", "data": null, "errors": {"authorization": "Unauthenticated"} }

• Use BaseApiController for general endpoints.
• Extend ProtectedApiController for auth-required routes.
• Utilize validateRequest() in controllers for validation.
• Use controller traits for reusable logic.
• Environment-specific errors: Full details in local/staging, generic in production.

Happy Coding! 🚀
Maintained by Mikiyas Birhanu