Laravel 11 Sanctum API Login Registration Complete Guide
Laravel Jetstream uses Laravel Sanctum for API authentication. Make sure Sanctum is installed and configured properly. Before starting, create a new Laravel 11 project. This blog is a complete guide to building an API with Laravel Sanctum. Follow it from start to finish to build your first API with Sanctum (Laravel 11).
Create Laravel 11 Empty Project
composer create-project --prefer-dist laravel/laravel laravel11-api
Go to the laravel11-api directory
cd laravel11-api
Install Jetstream
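# Two separate commands: add the Jetstream package, then run its installer with the Inertia stack.
composer require laravel/jetstream
php artisan jetstream:install inertia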
Jetstream Installation Screenshot
Install npm and run dev
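# Install the front-end dependencies and start the dev build.
npm install && npm run dev
# Separate command: create the database tables. If `npm run dev` keeps running
# in this terminal, run the migration from a second one.
php artisan migrate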
Install Sanctum
# Jetstream uses Sanctum, so Composer may report that the package is already present.
composer require laravel/sanctum
# Publishes Sanctum's files into the application; config/sanctum.php is edited in the next step.
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
# Runs any pending migrations; Sanctum needs its token table to exist before tokens can be issued.
php artisan migrate
Configure stateful domain in your config/sanctum.php file
// Hosts whose browser requests receive Sanctum's cookie-based (stateful) authentication.
// The fallback list below contains local development hosts only; in production set
// SANCTUM_STATEFUL_DOMAINS to the exact host(s) of your own first-party front end.
// Requests that authenticate with a bearer token, as the API in this guide does,
// do not depend on this list.
'stateful' => explode(
    ',',
    env(
        'SANCTUM_STATEFUL_DOMAINS',
        sprintf(
            '%s%s',
            'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
            Sanctum::currentApplicationUrlWithPort()
        )
    )
),
Define Routes in routes/api.php
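use App\Http\Controllers\Api\Auth\LoginController;
use App\Http\Controllers\Api\Auth\RegisterController;
use Illuminate\Support\Facades\Route;

// Versioned API routes: everything below is served under the /v1 prefix.
Route::group([
    'prefix' => 'v1',
], function () {
    // Register and login are reachable without credentials, so they are rate-limited
    // (5 requests per minute here; tune the numbers to your own traffic) to bound
    // password guessing and bulk account creation.
    Route::post('/register', [RegisterController::class, 'register'])->middleware('throttle:5,1');
    Route::post('/login', [LoginController::class, 'login'])->middleware('throttle:5,1');

    // Logout deletes the token that authenticated the request, so it requires auth:sanctum.
    Route::post('/logout', [LoginController::class, 'logout'])->middleware('auth:sanctum');
});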
Use HasApiTokens trait in User model
namespace App\Models;

// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Fortify\TwoFactorAuthenticatable;
use Laravel\Jetstream\HasProfilePhoto;
use Laravel\Sanctum\HasApiTokens;

/**
 * Application user account.
 *
 * HasApiTokens is the Sanctum trait that lets a user issue API tokens
 * (the login controller calls createToken() on this model).
 */
class User extends Authenticatable
{
    use HasApiTokens, HasFactory, HasProfilePhoto, Notifiable, TwoFactorAuthenticatable;

    /**
     * Attributes that may be mass-assigned, e.g. through User::create().
     * Keep this list narrow: any column added here can be set from an input array.
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * Attributes left out when the model is serialized to an array or JSON.
     * This is what keeps the password hash and the two-factor secrets out of
     * API responses that return the user model.
     */
    protected $hidden = [
        'password',
        'remember_token',
        'two_factor_recovery_codes',
        'two_factor_secret',
    ];

    /**
     * Accessors appended to the serialized form of the model.
     */
    protected $appends = [
        'profile_photo_url',
    ];

    /**
     * Attribute casts.
     *
     * The 'hashed' cast hashes a plain-text password when it is assigned.
     */
    protected function casts(): array
    {
        return [
            'email_verified_at' => 'datetime',
            'password' => 'hashed',
        ];
    }
}
Define RegisterController under namespace App\Http\Controllers\Api\Auth;
namespace App\Http\Controllers\Api\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

class RegisterController extends Controller
{
    /**
     * Create a user account from a registration request.
     *
     * Responds with 422 and the validation errors when the input is rejected,
     * otherwise with 201 and the created user.
     */
    public function register(Request $request)
    {
        $rules = [
            'name' => 'required|string|max:255',
            // NOTE(review): the unique rule makes the 422 response reveal whether an
            // e-mail address is already registered; accept that or handle it separately.
            'email' => 'required|string|email|max:255|unique:users',
            // 'confirmed' requires a matching password_confirmation field.
            'password' => 'required|string|min:8|confirmed',
        ];

        $validator = Validator::make($request->all(), $rules);

        if ($validator->fails()) {
            return response()->json($validator->errors(), 422);
        }

        // Build the record from the validated fields only, never from the raw request.
        $input = $validator->validated();

        $user = User::create([
            'name' => $input['name'],
            'email' => $input['email'],
            // Only a hash of the password is stored.
            'password' => Hash::make($input['password']),
        ]);

        // The model's $hidden list decides which attributes are left out of this JSON.
        $payload = ['message' => 'User registered successfully', 'user' => $user];

        return response()->json($payload, 201);
    }
}
Define LoginController under namespace App\Http\Controllers\Api\Auth;
namespace App\Http\Controllers\Api\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;

class LoginController extends Controller
{
    /**
     * Exchange an e-mail address and password for a Sanctum API token.
     *
     * Responds with 422 on invalid input, 401 on rejected credentials,
     * and 200 with the plain-text token on success.
     */
    public function login(Request $request)
    {
        $rules = [
            'email' => 'required|string|email',
            'password' => 'required|string',
        ];

        $validator = Validator::make($request->all(), $rules);

        if ($validator->fails()) {
            return response()->json($validator->errors(), 422);
        }

        // The same 401 body is returned for an unknown e-mail and for a wrong
        // password, so the response does not say which of the two was wrong.
        // NOTE(review): only e-mail and password are checked here. The User model
        // uses TwoFactorAuthenticatable, so confirm whether accounts with two-factor
        // authentication enabled should be able to obtain a token this way.
        $credentials = $request->only('email', 'password');

        if (!Auth::attempt($credentials)) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        // createToken() is called with a name only, so Sanctum's defaults apply:
        // the token carries every ability and does not expire unless 'expiration'
        // is set in config/sanctum.php. Each login adds another token.
        // The plain-text value exists only in this response; clients must store it safely.
        $account = Auth::user();
        $plainToken = $account->createToken('API Token')->plainTextToken;

        $payload = ['message' => 'Login successful', 'token' => $plainToken];

        return response()->json($payload, 200);
    }

    /**
     * Revoke the token that authenticated this request.
     *
     * Only the current token is deleted; other tokens of the same user stay valid.
     */
    public function logout(Request $request)
    {
        $activeToken = $request->user()->currentAccessToken();
        $activeToken->delete();

        return response()->json(['message' => 'Logout successful'], 200);
    }
}
Start your project and access the endpoints using Postman or another client
php artisan serve
Register API in Postman
Login API Access in Postman
Access Routes protected by sanctum-middleware
Now modify your routes/api.php like below
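// Versioned API routes: everything below is served under the /v1 prefix.
Route::group([
    'prefix' => 'v1',
], function () {
    // Register and login are reachable without credentials, so they are rate-limited
    // (5 requests per minute here; tune the numbers to your own traffic).
    Route::post('/register', [RegisterController::class, 'register'])->middleware('throttle:5,1');
    Route::post('/login', [LoginController::class, 'login'])->middleware('throttle:5,1');
    Route::post('/logout', [LoginController::class, 'logout'])->middleware('auth:sanctum');

    // The group attribute key must be spelled exactly 'middleware'. A misspelled key
    // is not applied as middleware, which leaves every route in the group reachable
    // without a token. Verify with an unauthenticated request: it must be rejected.
    Route::group([
        'middleware' => ['auth:sanctum'],
    ], function () {
        // UserController is not shown in this guide; import it with a `use` statement
        // from wherever you define it.
        // NOTE(review): this lists users to any holder of a valid token. Add an
        // authorization check if only some users should see the list.
        Route::get('/users', [UserController::class, 'index']);
    });
});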
Call api/v1/users from Postman, sending the token from the login response as a Bearer token, and you will get all the users.
I hope this blog helps you create your first API using Sanctum on Laravel 11.
Source code and postman collection will be available at https://github.com/Programming-Mindset/laravel11-sanctum-api