
So basically I understand that a REST API is basically stateless and that we should not use session-based authentication for API routes. However, let’s say my application already has session-based authentication because it is a SPA. So I have a few questions.

  1. How do we actually protect these API routes without using sessions, so that we can actually test these API routes in Postman, etc.?

  2. How can we achieve this without affecting the existing authentication system?

  3. Do we need to use Passport or Sanctum to achieve this?

Thank you.

2

Answers


  1. If your SPA and API are on the same domain, you likely want Sanctum, which uses sessions via cookies or tokens to manage authentication. Based on your question, it seems like Sanctum would be the best fit for integrating with your existing authentication workflow.

    If your SPA is not on the same domain as your API you’ll want to use either Fortify or Passport.

    I would avoid Passport unless you require an OAuth workflow.

  2. You can create your own custom authentication using a JWT token in Laravel to authenticate the API. For that you can use tymondesigns/jwt-auth, a third-party JWT auth library.
