A Gilani

Reputation: 443

Laravel 5.6 API Authorization

I am experimenting with Laravel 5.6 to build an ecom store API. The front-end will be a separate Angular application. I have most of it working, but I want to understand how to guard my order recording endpoint so no one else except my Angular application can create the orders. I have looked at the Passport package but cannot see a solution which might help.

Upvotes: 0

Views: 346

Answers (1)

kmuenkel

Reputation: 2789

I'd recommend https://github.com/neomerx/cors-psr7 to handle the cross-domain requests. However, as headers can be easily faked, don't mistake this for solid security on its own. For that, I'd recommend guarding your endpoints with JWT tokens. I highly recommend https://github.com/tymondesigns/jwt-auth for simple authentication. You can think of it like a tool for managing stateless session tokens, a way to securely have a SPA communicate with your API. If you need more granular control of permissions, that's when you look to Laravel/Passport, or something else like https://github.com/spatie/laravel-permission.

Upvotes: 1
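
The difference between the two guards the answer contrasts, as an added example that is not part of the answer and is not jwt-auth's code: an `Origin` comparison accepts any client that sends the expected header value, while an HS256-signed token only passes if the server issued it and it has not expired. The hand-rolled JWT helpers, `SECRET`, `ALLOWED_ORIGIN` and the sample requests are constructed for illustration; in a Laravel application the jwt-auth package performs the signing and verification.

```php
<?php
// Added example. SECRET, ALLOWED_ORIGIN and the sample requests are constructed.
const SECRET = 'constructed-demo-secret';       // lives only on the API server
const ALLOWED_ORIGIN = 'https://shop.example';  // hypothetical Angular origin
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($txt, '-_', '+/'), true);
}
function issue_token(int $userId, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $userId, 'exp' => $now + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

function verify_token(string $jwt, int $now): ?array {     // claims if valid, else null
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null; // pin the algorithm
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;        // constant-time comparison
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now) return null; // expired or no exp
    return $claims;
}
function origin_only_guard(array $headers): bool {         // weak: trusts a client-supplied header
    return ($headers['Origin'] ?? '') === ALLOWED_ORIGIN;
}
function token_guard(array $headers, int $now): bool {     // requires a server-signed token
    if (!preg_match('/^Bearer (\S+)$/', $headers['Authorization'] ?? '', $m)) return false;
    return verify_token($m[1], $now) !== null;
}

$now = time();
$valid = issue_token(42, 900, $now);
[$h, , $s] = explode('.', $valid);                         // reuse header and signature
$tampered = "$h." . b64url(json_encode(['sub' => 1, 'exp' => $now + 900])) . ".$s";
$requests = [
    'Origin header only' => ['Origin' => ALLOWED_ORIGIN],
    'valid token'        => ['Origin' => ALLOWED_ORIGIN, 'Authorization' => "Bearer $valid"],
    'edited payload'     => ['Origin' => ALLOWED_ORIGIN, 'Authorization' => "Bearer $tampered"],
    'expired token'      => ['Origin' => ALLOWED_ORIGIN, 'Authorization' => 'Bearer ' . issue_token(42, -60, $now)],
];
foreach ($requests as $label => $hdrs) {
    printf("%-20s origin=%s token=%s\n", $label, var_export(origin_only_guard($hdrs), true), var_export(token_guard($hdrs, $now), true));
}
```

The token identifies a logged-in user to the API; it is issued after the user authenticates and is checked on every order request.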
