Reputation: 12718
Laravel API - protecting route access
I am building a RESTful Laravel 5.1 API. I only want to allow my frontend Angular app to access certain routes, but currently all the routes are simply exposed.
I was going to use auth middleware to check that my frontend app is authorized to access a route:
$router->get('/sensitiveData', ['middleware' => 'auth',
'Resources\Questions@getSensitiveData'
]);
But this is good for checking a specific user.
How can I protect my routes such that only specified client apps can access routes? Should I be registering a ClientID somewhere? How can I specify this?
Upvotes: 0
Views: 1404
Answers (1)
Reputation: 6279
Check this package
Usage
In your controller extend the ApiGuardController
this way your api is private , you can access it only when using an Authorization token
You can find more informations and Options in the docs (like how to create the private api-key or Turning off authentication for a specific method ..etc)
there is no need to set a middleware for it.
Upvotes: 1
Related Questions
- Access-Control-Allow-Origin Multiple Origin Domains?
- How do I get a YouTube video thumbnail from the YouTube API?
- How to detect a route change in Angular?
- Use of PUT vs PATCH methods in REST API real life scenarios
- Using Laravel Auth middleware
- How to organize such route protection using Laravel Passport?
- Laravel + React, consume api with Laravel authentication
- Laravel API aren't reading access token from another server
- Laravel 5 Protecting Routes with Middleware