Laravel REST API with Passport Authentication

Today we are going to build a REST API using Laravel and Laravel Passport. To implement API, we use php framework Laravel , Laravel Passport and we use MYSQL to store our data.

Prerequisites

Laravel

To Continue with this tutorial, you should have installed Laravel 8 in your pc. If you are still not installed Laravel in your machine you can configure it from here.

Postman

To test our API endpoints, you need a API Testing application like Postman. You can download Postman from here.

Setting up the Project

First you need to create a new laravel project by running below command in your terminal

composer create-project laravel/laravel laravel-passport-auth --prefer-dist

Then navigate to your project directory by using below command in your terminal

cd laravel-passport-auth

Setting up Database

To setup up Database for our project, open the application using your favourite text editor and and then navigate to .env file in it and then change below section acording to your Database settings:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel-passport-auth
DB_USERNAME=root
DB_PASSWORD=

Install Passport Package

Now we need to o install the passport package through Composer package manager.

composer require laravel/passport

Now we need to run the default migration to create a new tables in the MySQL database.

php artisan migrate

Next, to generate token keys for securing our application.

php artisan passport:install

Configure Passport Module

To configure the Passport package in our Laravel application, open app/Models/User.php file and include HasApiTokens trait inside the User model, as mentioned below.

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasFactory, Notifiable, HasApiTokens;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];
}

Now open app/Providers/AuthServiceProvider.php file and paste below code:

<?php

namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

use Laravel\Passport\Passport;


class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Models\Model' => 'App\Policies\ModelPolicy',
    ];


    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
    }
}

Then you shoul register register the PassportServiceProvider class in providers array inside the config/app.php file:

'providers' => [
        ...
        ... 
        ...
        Laravel\Passport\PassportServiceProvider::class,

    ],

Finally we need to configure the driver for the Passport. To do it get inside the config/auth.php file and make the changes as shown below.

<?php
    return [
    ....
    ....
    
        'guards' => [
            'web' => [
                'driver' => 'session',
                'provider' => 'users',
            ],
    
            'api' => [
                'driver' => 'passport',
                'provider' => 'users',
            ],
        ],
    
    ....
    ....
]

Create Posts Model & Run Migration

To make the connection between the client and the server, we we require to create the Post model by running below command:

php artisan make:model Post -m

After executing the above command, navigate to database/migrations/timestamp_create_posts_table and change it shown as below:

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreatePostsTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('posts', function (Blueprint $table) {
            $table->increments('id');
            $table->unsignedBigInteger('user_id');
            $table->text('title');
            $table->longText('description');
            $table->timestamps();

            $table->foreign('user_id')->references('id')->on('users');  
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::dropIfExists('posts');
    }
}

Then navigate to app/Models/Post.php file and register the following values inside $fillablearray.

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    use HasFactory;
    protected $fillable = [
        'title', 'description'
    ];    
}

Then, run the migration by using the below command:

php artisan migrate

Create a New Controller

Then we need to create a new controller in our laravel app to create a login and registration REST API.

php artisan make:controller PassportAuthController

Now you need to replace PassportAuthController.php by inserting below code:

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\User;

class PassportAuthController extends Controller
{
    /**
     * Registration
     */
    public function register(Request $request)
    {
        $this->validate($request, [
            'name' => 'required|min:4',
            'email' => 'required|email',
            'password' => 'required|min:8',
        ]);
 
        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password)
        ]);
       
        $token = $user->createToken('LaravelAuthApp')->accessToken;
 
        return response()->json(['token' => $token], 200);
    }
 
    /**
     * Login
     */
    public function login(Request $request)
    {
        $data = [
            'email' => $request->email,
            'password' => $request->password
        ];
 
        if (auth()->attempt($data)) {
            $token = auth()->user()->createToken('LaravelAuthApp')->accessToken;
            return response()->json(['token' => $token], 200);
        } else {
            return response()->json(['error' => 'Unauthorised'], 401);
        }
    }   
}

Now we need to establish our connection between Post and User model. Change app/Models/User.php file.

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasFactory, Notifiable, HasApiTokens;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    public function posts()
    {
        return $this->hasMany(Post::class);
    }    
}

Then create Post Controller by running below command:

php artisan make:controller PostController

Then add following code in to PostController.php

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Post;

class PostController extends Controller
{
    public function index()
    {
        $posts = auth()->user()->posts;
 
        return response()->json([
            'success' => true,
            'data' => $posts
        ]);
    }
 
    public function show($id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found '
            ], 400);
        }
 
        return response()->json([
            'success' => true,
            'data' => $post->toArray()
        ], 400);
    }
 
    public function store(Request $request)
    {
        $this->validate($request, [
            'title' => 'required',
            'description' => 'required'
        ]);
 
        $post = new Post();
        $post->title = $request->title;
        $post->description = $request->description;
 
        if (auth()->user()->posts()->save($post))
            return response()->json([
                'success' => true,
                'data' => $post->toArray()
            ]);
        else
            return response()->json([
                'success' => false,
                'message' => 'Post not added'
            ], 500);
    }
 
    public function update(Request $request, $id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found'
            ], 400);
        }
 
        $updated = $post->fill($request->all())->save();
 
        if ($updated)
            return response()->json([
                'success' => true
            ]);
        else
            return response()->json([
                'success' => false,
                'message' => 'Post can not be updated'
            ], 500);
    }
 
    public function destroy($id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found'
            ], 400);
        }
 
        if ($post->delete()) {
            return response()->json([
                'success' => true
            ]);
        } else {
            return response()->json([
                'success' => false,
                'message' => 'Post can not be deleted'
            ], 500);
        }
    }
}

Define API Routes

Go to your routes/api.php file and place below code in it:

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\PassportAuthController;
use App\Http\Controllers\PostController;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::post('register', [PassportAuthController::class, 'register']);
Route::post('login', [PassportAuthController::class, 'login']);

Route::middleware('auth:api')->group(function () {
    Route::resource('posts', PostController::class);
});

Run our application

Now we have already finished with our API creation. Before testing our API in Postman, you need to run your application using below command:

php artisan serve

Testing APIs

To test our API endpoints, we need to use Postman.

• Register

  Method: POST
  URL:http://localhost:8000/api/register
  Body
  x-www-form-urlencoded

  Key	Value
  name	name
  email	example@example.com
  password	password

• Login

  Method: POST
  URL:http://localhost:8000/api/login
  Authorization: Bearer “access-token”
  Body
  x-www-form-urlencoded

  Key	Value
  email	example@example.com
  password	password

• Create new post

  Method: POST
  URL:http://localhost:8000/api/posts
  Authorization: Bearer “access-token”
  Body
  x-www-form-urlencoded

  Key	Value
  title	title
  description	description

• Get all posts

  Method: GET
  URL:http://localhost:8000/api/posts
  Authorization: Bearer “access-token”

• Get single post

  Method: GET
  URL:http://localhost:8000/api/posts/:id
  Authorization: Bearer “access-token”

• Update post

  Method: PUT
  URL:http://localhost:8000/api/posts/:id
  Authorization: Bearer “access-token”

• Delete post

  Method: DELETE
  URL:http://localhost:8000/api/posts/:id
  Authorization: Bearer “access-token”

Conclusion

In this tutorial, we implemented Laravel REST API with Passport Authentication. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail. You can obtain complete source code for this tutorial from this GitHub repository.