Authentication

Choose the Right Tool:

  • Laravel Sanctum: Ideal for single-page applications (SPAs), mobile applications, and simple token-based APIs.
  • Laravel Passport: A full OAuth2 server implementation, suitable for third-party integrations and more complex authentication needs.

Protect Routes

Use middleware to protect routes that require authentication.

PHP
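use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Only requests authenticated by the Sanctum guard reach the closure.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});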

Use HTTPS

Always use HTTPS to encrypt data in transit and prevent token hijacking.
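
One way to enforce this at the application layer, as an added example that is not from the original page: a middleware (the class name RequireHttps is hypothetical) that refuses plaintext requests in production and sets an HSTS header on secure responses. It assumes a standard Laravel application whose trusted-proxy settings are configured, so that $request->secure() is accurate behind a load balancer.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware for illustration; not part of Laravel or Sanctum.
class RequireHttps
{
    public function handle(Request $request, Closure $next): Response
    {
        // Refuse plaintext requests instead of redirecting them: a redirect
        // is only sent after the client has already transmitted its bearer
        // token in the clear, and clients that follow it keep working, so
        // the misconfiguration goes unnoticed.
        if (! $request->secure() && app()->environment('production')) {
            return response()->json(['message' => 'HTTPS is required.'], 403);
        }

        $response = $next($request);

        // Tell browsers to use HTTPS for this host for the next year.
        if ($request->secure()) {
            $response->headers->set(
                'Strict-Transport-Security',
                'max-age=31536000'
            );
        }

        return $response;
    }
}

// In routes/api.php, list it before the auth middleware so plaintext
// requests are rejected before any token is looked up:
//
// Route::middleware([\App\Http\Middleware\RequireHttps::class, 'auth:sanctum'])
//     ->get('/user', fn (Request $request) => $request->user());
```

A token that has been sent over plain HTTP should be treated as exposed and revoked, since the 403 response does not undo the transmission.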