Laravel API Authentication -
i building api using laravel used both mobile , web applications. confused regarding authentication.
basically web application used users both in logged in state , visitor state.
how authentication work in case? if api uses username/password authenticate user visitors?
also, how make sure webapp , mobile app thats making request api? how ensure doesn't programatically doesn't access api , apps can request access data?
you have routes file, , able apply filter (laravel 4) / middleware (laravel 5) routes protect them. assuming using l5 -
route::group('api/v1', function() { route::group(['middleware' => 'api.auth'], function() { route::get('protected', function() { return response()->json(['authenticated response'], 200); }); }); route::get('guest', function() { return response()->json(['guest response'], 200); }); });
then need create middleware api.auth
- see http://laravel.com/docs/5.1/routing#route-group-middleware , http://laravel.com/docs/5.1/middleware
so happens when try visit /api/v1/protected
, laravel run api.auth
middleware before lets user go further.
api/v1/guest
of course able accessed authenticated users , guest users because there no middleware applied.
Comments
Post a Comment