Protect api routes with tokens in a laravel - Angular application

Question

I'm working on a application with laravel backend for API and angular for frontend. Data is feed to frontend from this API. No login (still). I want to keep these data feeding urls(routes) secure. No body cannot be access from outside. I refer this question and something called api-guard. I think there is a way of doing this in a comment of that quiz. (I think this is the way. if there is anything else as the solution, feel free to mention it) as

use laravel passport and create a client then use Bearer $token in header for each request and passport middleware will handle it for protection - @msonowal

But still I have no idea how to do that. If a user enter to the site, how to

• generate token to request

• append it to url

• verify it from backend

• response back relevant to that request (is there any response token append to response)

Thanks guys!!

Answer 1

You can create a personal access token (Refer laravel\passport documentation) that's the simplest method as you are yet to implement login

or

You can generate token for each user during the login

$token = Auth::user()->createToken('Access Token')->accessToken;

this generates a user specific token return this token value in the login success response

whichever method you chose you can pass it as Bearer your-token as authorization header for each request

you can use the middleware to check authentication in your routes/api.php

 Route::group(['middleware' => 'auth:api'], function () {
     // Routes that need authentication here
 }