In this article we take up another core Laravel topic: building a REST API in Laravel 11 with Sanctum token authentication. The guide goes step by step, from a fresh project to a working, protected set of endpoints.
Representational State Transfer (REST) is an architectural style that defines a set of constraints for designing web services. A REST API exposes resources over plain HTTP and is simple to consume from any client without the overhead of heavier protocols.
Here we build a small, secure suite of REST endpoints with Laravel and Sanctum. Sanctum is Laravel's first-party Composer package for issuing personal access tokens to API clients (it also handles SPA cookie authentication, which this article does not use).
We will create these APIs:
- Register API
- Login API
- Profile API
- Refresh Token API
- Logout API
Let’s get started.
Laravel Installation
Open a terminal and run this command to create a Laravel project:
composer create-project laravel/laravel myblog
It creates a project folder named myblog on your local system. This assumes PHP and Composer are already installed.
To start Laravel's development server:
php artisan serve
URL: http://127.0.0.1:8000
Create Database & Connect
Create a database either with phpMyAdmin or with a MySQL command:
CREATE DATABASE laravel_app;
To connect the application to the database, open the .env file in the application root, search for DB_ and update these values:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_app
DB_USERNAME=root
DB_PASSWORD=root
Use the root account only on your local machine; before deploying, give the application its own MySQL user with privileges on laravel_app alone.
Install Sanctum Auth Package and Create "api.php"
Open the project terminal and run this command,
php artisan install:api
After installation you will find the package in composer.json,
"laravel/sanctum": "^4.0",
The command also creates "api.php" in the /routes folder, publishes Sanctum's migration for the personal_access_tokens table and sets up the Sanctum package.
Update "User.php" model file
Add this import,
use Laravel\Sanctum\HasApiTokens;
then use the HasApiTokens trait inside the class. The trait provides createToken(), tokens() and currentAccessToken(), which the controller below relies on.
Here is the complete code of the model class file.
<?php
namespace App\Models;
// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];
    /**
     * The attributes that should be hidden for serialization.
     *
     * @var array<int, string>
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];
    /**
     * Get the attributes that should be cast.
     *
     * @return array<string, string>
     */
    protected function casts(): array
    {
        return [
            'email_verified_at' => 'datetime',
            'password' => 'hashed',
        ];
    }
}
Run Migrations (If any pending)
php artisan migrate
It runs all pending migrations of the application, including the personal_access_tokens table in which Sanctum stores issued tokens (as SHA-256 hashes; the plain token is never stored).
Sanctum is now set up in the application.
You also have a middleware, "auth:sanctum", to protect API routes: a request must carry a valid Authorization: Bearer <token> header or it is rejected with 401.
API Controller Settings
Run this command to create the API controller class,
php artisan make:controller Api/ApiController
It creates a file named ApiController.php inside the /app/Http/Controllers/Api folder.
Open the file and replace its contents with this code,
<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class ApiController extends Controller
{
    // Register (POST - name, email, password, password_confirmation)
    public function register(Request $request): JsonResponse
    {
        // Validation. "confirmed" requires a matching password_confirmation field.
        // Before shipping, add a minimum strength rule here, e.g.
        // Illuminate\Validation\Rules\Password::defaults(), so "1" is not a valid password.
        $request->validate([
            "name" => "required|string|max:255",
            "email" => "required|string|email|max:255|unique:users",
            "password" => "required|string|confirmed"
        ]);

        // Save the user. Hash::make is redundant with the 'hashed' cast on the
        // model (the cast recognises an already-hashed value and stores it as is),
        // but being explicit costs nothing. The clear-text password is never stored.
        User::create([
            "name" => $request->name,
            "email" => $request->email,
            "password" => Hash::make($request->password)
        ]);

        // Response: 201, a resource was created
        return response()->json([
            "status" => true,
            "message" => "User registered successfully"
        ], 201);
    }

    // Login (POST - email, password)
    public function login(Request $request): JsonResponse
    {
        // Validation
        $request->validate([
            "email" => "required|string|email",
            "password" => "required|string"
        ]);

        // Look the user up by email
        $user = User::where("email", $request->email)->first();

        // One generic answer, and one status code, for both "no such user" and
        // "wrong password": distinct messages would let a caller enumerate which
        // emails are registered. (Hash::check is skipped for unknown emails, so the
        // response time still differs a little; a dummy Hash::check against a fixed
        // hash closes that gap if it matters to you.)
        if (! $user || ! Hash::check($request->password, $user->password)) {
            return response()->json([
                "status" => false,
                "message" => "Invalid credentials"
            ], 401);
        }

        // Login is ok: issue a personal access token. plainTextToken is the only
        // form the client ever sees; the database keeps its SHA-256 hash.
        $token = $user->createToken("myToken")->plainTextToken;

        return response()->json([
            "status" => true,
            "message" => "Login successful",
            "token" => $token
        ]);
    }

    // Profile (GET, auth token required)
    public function profile(Request $request): JsonResponse
    {
        // $hidden on the User model keeps password and remember_token out of this JSON
        return response()->json([
            "status" => true,
            "message" => "Profile information",
            "data" => $request->user()
        ]);
    }

    // Logout (auth token required)
    public function logout(Request $request): JsonResponse
    {
        // Revoke every token of the logged-in user, i.e. log out all devices.
        // To end only the current session, use
        // $request->user()->currentAccessToken()->delete() instead.
        $request->user()->tokens()->delete();

        return response()->json([
            "status" => true,
            "message" => "User logged out"
        ]);
    }

    // Refresh Token (auth token required)
    public function refreshToken(Request $request): JsonResponse
    {
        $user = $request->user();

        // Rotate: revoke the token this request was made with, then mint a new one.
        // Without the delete, every refresh leaves one more permanently valid token
        // behind. currentAccessToken() is the PersonalAccessToken model here because
        // the request was authenticated with a bearer token.
        $user->currentAccessToken()->delete();
        $newToken = $user->createToken("myToken")->plainTextToken;

        return response()->json([
            "status" => true,
            "message" => "Token refreshed",
            "access_token" => $newToken
        ]);
    }
}
ApiController class contains the api methods for,
- Register
- Login
- Profile
- Refresh Token
- Logout
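The tokens minted by login() above never expire and can do everything their owner can. Sanctum supports both a lifetime and a set of abilities per token, and the excerpts below show how to use them. This is an added example, not code from the original article: the ability names profile-read and token-refresh, the seven-day and thirty-day lifetimes and the daily prune schedule are this example's own choices. Each excerpt is labelled with the file it belongs in.

```php
<?php
// Added example: scoped, expiring Sanctum tokens (not the article's own code).
// Each excerpt below belongs in the file named in its comment.

// --- app/Http/Controllers/Api/ApiController.php, inside login() ---
// Replace createToken("myToken") with a token that names what it may do and
// when it stops working. The ability names are this example's own.
$token = $user->createToken(
    "myToken",
    ["profile-read", "token-refresh"], // abilities granted to this token
    now()->addDays(7)                  // per-token expiry; a leaked token dies with it
)->plainTextToken;

// --- bootstrap/app.php (Laravel 11): register Sanctum's ability middleware ---
// Add the alias() call to the existing ->withMiddleware(...) closure.
use Illuminate\Foundation\Configuration\Middleware;
use Laravel\Sanctum\Http\Middleware\CheckAbilities;
use Laravel\Sanctum\Http\Middleware\CheckForAnyAbility;

->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'abilities' => CheckAbilities::class,     // token needs ALL listed abilities
        'ability'   => CheckForAnyAbility::class, // token needs ANY listed ability
    ]);
})

// --- routes/api.php: a valid token that lacks the ability gets 403 ---
Route::middleware(["auth:sanctum", "abilities:profile-read"])
    ->get("profile", [ApiController::class, "profile"]);

// --- or decide inside a controller method ---
if (! $request->user()->tokenCan("token-refresh")) {
    return response()->json(["status" => false, "message" => "Forbidden"], 403);
}

// --- config/sanctum.php: a global ceiling, in minutes, on every token ---
// Whichever limit comes first (this or the per-token expiry) wins.
'expiration' => 60 * 24 * 30, // default is null: tokens never expire

// --- routes/console.php: expired rows stay in the table until pruned ---
use Illuminate\Support\Facades\Schedule;

Schedule::command("sanctum:prune-expired --hours=24")->daily();
```

A token is checked against both limits on every request, so a refresh endpoint like the one above is what keeps a long-lived client working: the client swaps its token before the week is up rather than holding one that lives forever.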
Setup API Routes
Open the api.php file in the /routes folder and add these routes to it,
<?php

use App\Http\Controllers\Api\ApiController;
use Illuminate\Support\Facades\Route;

// ... (the /user route generated by install:api can stay)

// Public routes: no token required
Route::post("register", [ApiController::class, "register"]);
Route::post("login", [ApiController::class, "login"]);

// Protected routes: a valid Sanctum bearer token is required
Route::middleware("auth:sanctum")->group(function () {
    Route::get("profile", [ApiController::class, "profile"]);

    // Both of these revoke or mint tokens, i.e. change server state, so they
    // are POST; GET should stay safe and idempotent.
    Route::post("logout", [ApiController::class, "logout"]);
    Route::post("refresh-token", [ApiController::class, "refreshToken"]);
});
Routes in api.php are served under the /api prefix and the api middleware group, which is why the URLs below start with /api/.
Application Testing
Run this command in the project terminal to start the development server,
php artisan serve
Send every request with the header Accept: application/json. Without it, Laravel treats a failed authentication as a browser request and tries to redirect to a login page that an API-only application does not have; with it, you get a 401 JSON response, and validation failures come back as 422 JSON.
Register API
URL – http://127.0.0.1:8000/api/register
Method – POST
Header –
Accept: application/json
Request body (JSON) –
{
   "name": "Sanjay Kumar",
   "email": "sanjay.owt@gmail.com",
   "password": "s3cret-passw0rd",
   "password_confirmation": "s3cret-passw0rd"
}
Send the password as a JSON string; password_confirmation must match it exactly or validation fails with 422.
Login API
URL – http://127.0.0.1:8000/api/login
Method – POST
Header –
Accept: application/json
Request body (JSON) –
{
   "email": "sanjay.owt@gmail.com",
   "password": "s3cret-passw0rd"
}
The response carries the plain-text token once. Store it on the client and send it as a bearer token on every protected call; it cannot be retrieved again, only replaced.
Profile API
URL – http://127.0.0.1:8000/api/profile
Method – GET
Header –
Accept: application/json
Authorization: Bearer <token>
Refresh Token API
URL – http://127.0.0.1:8000/api/refresh-token
Method – POST
Header –
Accept: application/json
Authorization: Bearer <token>
Use the token returned in this response for further calls.
Logout API
URL – http://127.0.0.1:8000/api/logout
Method – POST
Header –
Accept: application/json
Authorization: Bearer <token>
After logout, this token and every other token of that user is rejected with 401.
That's it.
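Manual calls with Postman or curl show one happy path at a time; the security properties of these endpoints are easier to keep honest in a feature test that fails when one of them breaks. The following test class is an added example, not part of the original article. It assumes a test database is configured (for instance in-memory SQLite in phpunit.xml), that logout and refresh-token are registered as POST routes, that the refresh response carries the new token under access_token, and it uses a constructed identity (alice@example.test) that is not a real account. Save it as tests/Feature/SanctumApiTest.php and run php artisan test.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

// Added example, not the article's code: feature tests for the register, login,
// profile, refresh-token and logout endpoints described above.
class SanctumApiTest extends TestCase
{
    use RefreshDatabase;

    // Constructed test identity; nothing here is a real account.
    private const EMAIL = 'alice@example.test';
    private const PASSWORD = 'correct-horse-battery';

    // Registers the test user, logs in and returns the plain-text bearer token.
    private function registerAndLogin(): string
    {
        $this->postJson('/api/register', [
            'name' => 'Alice',
            'email' => self::EMAIL,
            'password' => self::PASSWORD,
            'password_confirmation' => self::PASSWORD,
        ])->assertSuccessful();

        return $this->postJson('/api/login', [
            'email' => self::EMAIL,
            'password' => self::PASSWORD,
        ])->assertOk()->assertJsonPath('status', true)->json('token');
    }

    public function test_password_is_stored_hashed_not_in_clear(): void
    {
        $this->registerAndLogin();
        $user = User::where('email', self::EMAIL)->firstOrFail();

        $this->assertNotSame(self::PASSWORD, $user->password);
        $this->assertTrue(Hash::check(self::PASSWORD, $user->password));
    }

    public function test_wrong_password_issues_no_token(): void
    {
        $this->registerAndLogin();

        $this->postJson('/api/login', ['email' => self::EMAIL, 'password' => 'wrong'])
            ->assertJsonPath('status', false)
            ->assertJsonMissingPath('token');

        // One token from the good login above, none from the bad one.
        $this->assertDatabaseCount('personal_access_tokens', 1);
    }

    public function test_profile_requires_bearer_token_and_hides_secrets(): void
    {
        $token = $this->registerAndLogin();

        // getJson sends Accept: application/json, which is what turns an
        // authentication failure into a 401 body instead of a redirect.
        $this->getJson('/api/profile')->assertUnauthorized();

        $this->withToken($token)->getJson('/api/profile')
            ->assertOk()
            ->assertJsonPath('data.email', self::EMAIL)
            ->assertJsonMissingPath('data.password')
            ->assertJsonMissingPath('data.remember_token');
    }

    public function test_refresh_rotates_the_token(): void
    {
        $old = $this->registerAndLogin();

        $new = $this->withToken($old)->postJson('/api/refresh-token')
            ->assertOk()->json('access_token');

        $this->withToken($new)->getJson('/api/profile')->assertOk();

        // A refresh must revoke the token it was called with; if this assertion
        // fails, the endpoint only mints tokens and never rotates them.
        $this->withToken($old)->getJson('/api/profile')->assertUnauthorized();
    }

    public function test_logout_revokes_tokens(): void
    {
        $token = $this->registerAndLogin();

        $this->withToken($token)->postJson('/api/logout')->assertOk();

        $this->assertDatabaseCount('personal_access_tokens', 0);
        $this->withToken($token)->getJson('/api/profile')->assertUnauthorized();
    }
}
```

Each test checks a property rather than a screenshot: the password never reaches the database in clear, a bad login leaves no token behind, the profile is unreachable without a bearer token and never leaks password or remember_token, a refresh invalidates the old token, and logout leaves nothing valid. The rotation test is the one most tutorials skip and the one most worth keeping.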
We hope this article helped you to learn about Laravel 11 RESTful APIs with Sanctum Authentication in a very detailed way.