Laravel REST API with Passport Authentication

Today we are going to build a REST API using Laravel and Laravel Passport. To implement API, we use php framework Laravel , Laravel Passport and we use MYSQL to store our data.

Prerequisites

Laravel
To Continue with this tutorial, you should have installed Laravel 8 in your pc. If you are still not installed Laravel in your machine you can configure it from here.
Postman
To test our API endpoints, you need a API Testing application like Postman. You can download Postman from here.

Setting up the Project

First you need to create a new laravel project by running below command in your terminal

1	composer create-project laravel/laravel laravel-passport-auth --prefer-dist

Then navigate to your project directory by using below command in your terminal

1	cd laravel-passport-auth

Setting up Database

To setup up Database for our project, open the application using your favourite text editor and and then navigate to .env file in it and then change below section acording to your Database settings:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel-passport-auth
DB_USERNAME=root
DB_PASSWORD=

Install Passport Package

Now we need to o install the passport package through Composer package manager.

1	composer require laravel/passport

Now we need to run the default migration to create a new tables in the MySQL database.

1	php artisan migrate

Next, to generate token keys for securing our application.

1	php artisan passport:install

Configure Passport Module

To configure the Passport package in our Laravel application, open app/Models/User.php file and include HasApiTokens trait inside the User model, as mentioned below.

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasFactory, Notifiable, HasApiTokens;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];
}

Now open app/Providers/AuthServiceProvider.php file and paste below code:

<?php

namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

use Laravel\Passport\Passport;


class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Models\Model' => 'App\Policies\ModelPolicy',
    ];


    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
    }
}

Then you shoul register register the PassportServiceProvider class in providers array inside the config/app.php file:

'providers' => [
        ...
        ... 
        ...
        Laravel\Passport\PassportServiceProvider::class,

    ],

Finally we need to configure the driver for the Passport. To do it get inside the config/auth.php file and make the changes as shown below.

<?php
    return [
    ....
    ....
    
        'guards' => [
            'web' => [
                'driver' => 'session',
                'provider' => 'users',
            ],
    
            'api' => [
                'driver' => 'passport',
                'provider' => 'users',
            ],
        ],
    
    ....
    ....
]

Create Posts Model & Run Migration

To make the connection between the client and the server, we we require to create the Post model by running below command:

1	php artisan make:model Post -m

After executing the above command, navigate to database/migrations/timestamp_create_posts_table and change it shown as below:

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreatePostsTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('posts', function (Blueprint $table) {
            $table->increments('id');
            $table->unsignedBigInteger('user_id');
            $table->text('title');
            $table->longText('description');
            $table->timestamps();

            $table->foreign('user_id')->references('id')->on('users');  
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::dropIfExists('posts');
    }
}

Then navigate to app/Models/Post.php file and register the following values inside $fillablearray.

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    use HasFactory;
    protected $fillable = [
        'title', 'description'
    ];    
}

Then, run the migration by using the below command:

1	php artisan migrate

Create a New Controller

Then we need to create a new controller in our laravel app to create a login and registration REST API.

1	php artisan make:controller PassportAuthController

Now you need to replace PassportAuthController.php by inserting below code:

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\User;

class PassportAuthController extends Controller
{
    /**
     * Registration
     */
    public function register(Request $request)
    {
        $this->validate($request, [
            'name' => 'required|min:4',
            'email' => 'required|email',
            'password' => 'required|min:8',
        ]);
 
        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password)
        ]);
       
        $token = $user->createToken('LaravelAuthApp')->accessToken;
 
        return response()->json(['token' => $token], 200);
    }
 
    /**
     * Login
     */
    public function login(Request $request)
    {
        $data = [
            'email' => $request->email,
            'password' => $request->password
        ];
 
        if (auth()->attempt($data)) {
            $token = auth()->user()->createToken('LaravelAuthApp')->accessToken;
            return response()->json(['token' => $token], 200);
        } else {
            return response()->json(['error' => 'Unauthorised'], 401);
        }
    }   
}

Now we need to establish our connection between Post and User model. Change app/Models/User.php file.

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasFactory, Notifiable, HasApiTokens;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    public function posts()
    {
        return $this->hasMany(Post::class);
    }    
}

Then create Post Controller by running below command:

1	php artisan make:controller PostController

Then add following code in to PostController.php

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Post;

class PostController extends Controller
{
    public function index()
    {
        $posts = auth()->user()->posts;
 
        return response()->json([
            'success' => true,
            'data' => $posts
        ]);
    }
 
    public function show($id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found '
            ], 400);
        }
 
        return response()->json([
            'success' => true,
            'data' => $post->toArray()
        ], 400);
    }
 
    public function store(Request $request)
    {
        $this->validate($request, [
            'title' => 'required',
            'description' => 'required'
        ]);
 
        $post = new Post();
        $post->title = $request->title;
        $post->description = $request->description;
 
        if (auth()->user()->posts()->save($post))
            return response()->json([
                'success' => true,
                'data' => $post->toArray()
            ]);
        else
            return response()->json([
                'success' => false,
                'message' => 'Post not added'
            ], 500);
    }
 
    public function update(Request $request, $id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found'
            ], 400);
        }
 
        $updated = $post->fill($request->all())->save();
 
        if ($updated)
            return response()->json([
                'success' => true
            ]);
        else
            return response()->json([
                'success' => false,
                'message' => 'Post can not be updated'
            ], 500);
    }
 
    public function destroy($id)
    {
        $post = auth()->user()->posts()->find($id);
 
        if (!$post) {
            return response()->json([
                'success' => false,
                'message' => 'Post not found'
            ], 400);
        }
 
        if ($post->delete()) {
            return response()->json([
                'success' => true
            ]);
        } else {
            return response()->json([
                'success' => false,
                'message' => 'Post can not be deleted'
            ], 500);
        }
    }
}

Define API Routes

Go to your routes/api.php file and place below code in it:

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\PassportAuthController;
use App\Http\Controllers\PostController;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::post('register', [PassportAuthController::class, 'register']);
Route::post('login', [PassportAuthController::class, 'login']);

Route::middleware('auth:api')->group(function () {
    Route::resource('posts', PostController::class);
});

Run our application

Now we have already finished with our API creation. Before testing our API in Postman, you need to run your application using below command:

1	php artisan serve

Testing APIs

To test our API endpoints, we need to use Postman.

Register

Method: POST
URL:http://localhost:8000/api/register
Body
x-www-form-urlencoded

Key Value

name name

email [email protected]

password password

Login

Method: POST
URL:http://localhost:8000/api/login
Authorization: Bearer “access-token”
Body
x-www-form-urlencoded

Key Value

email [email protected]

password password

Create new post

Method: POST
URL:http://localhost:8000/api/posts
Authorization: Bearer “access-token”
Body
x-www-form-urlencoded

Key Value

title title

description description

Get all posts

Method: GET
URL:http://localhost:8000/api/posts
Authorization: Bearer “access-token”

Get single post

Method: GET
URL:http://localhost:8000/api/posts/:id
Authorization: Bearer “access-token”

Update post

Method: PUT
URL:http://localhost:8000/api/posts/:id
Authorization: Bearer “access-token”

Delete post

Method: DELETE
URL:http://localhost:8000/api/posts/:id
Authorization: Bearer “access-token”

Key	Value
name	name
email	[email protected]
password	password

Key	Value
email	[email protected]
password	password

Key	Value
title	title
description	description

Conclusion

In this tutorial, we implemented Laravel REST API with Passport Authentication. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail. You can obtain complete source code for this tutorial from this GitHub repository.