Marc Witteveen

Reputation: 741

Secured web application with API backend in Laravel

I've created a web application that uses the built-in authentication method for the web; once the user is authenticated, he/she is presented with a dashboard page. At this moment, Ajax calls to an API need to be made to fetch data for the logged-in user. What would be the correct approach to make this secure?

As a next step, I would like to be able to use the API "stand-alone" as well, so a 3rd party could access the dataset through the API as well.

Right now I am looking into Laravel Passport as well as the Spatie Permission package to help me with access control.

Upvotes: 0

Views: 67

Answers (1)

Malkhazi Dartsmelidze

Reputation: 4992

If you are using Ajax calls in the same domain, it won't be a problem with built-in authentication to give access to authorized users only, because tokens & sessions are accessible to Laravel and you can get authenticated users by default.

If you want to make an external API as well, the best approach will be to use Laravel Passport and pass the token in the Authorization header as usual.

Hope this helps you

Upvotes: 1
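
An added example, not part of the answer above: one Passport-guarded route that serves both the logged-in dashboard's Ajax calls and third-party clients sending a token in the Authorization header. The `/dashboard-data` path, the `read-data` scope and the `reports()` relation are hypothetical names, and the setup listed in the comments is assumed.

```php
<?php
// routes/api.php (added example; path, scope and relation names are hypothetical)
//
// Assumed setup (Passport installed, pre-Laravel 11 file layout):
//   config/auth.php guards:  'api' => ['driver' => 'passport', 'provider' => 'users']
//   User model:              uses Laravel\Passport\HasApiTokens
//   AuthServiceProvider::boot():
//       Passport::tokensCan(['read-data' => 'Read own data']);
//   app/Http/Kernel.php, 'web' middleware group:
//       \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class
//   That middleware attaches a laravel_token cookie to web responses, so the
//   session-authenticated dashboard can call the routes below without
//   handling an access token in JavaScript.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::middleware(['auth:api', 'throttle:60,1'])->group(function () {
    Route::get('/dashboard-data', function (Request $request) {
        // Resolved by Passport from the laravel_token cookie (dashboard)
        // or from "Authorization: Bearer <token>" (third party).
        $user = $request->user();

        // Third-party tokens must carry the scope. The first-party cookie
        // token is treated by Passport as having every scope.
        abort_unless($user->tokenCan('read-data'), 403);

        // Scope the query to the authenticated user. Never take a user id
        // from the request, or one client could read another user's rows.
        return response()->json([
            'user_id' => $user->id,
            'reports' => $user->reports()->latest()->limit(20)->get(),
        ]);
    });
});
```

Dashboard requests authenticated by the cookie must also carry Laravel's CSRF token header (`X-CSRF-TOKEN` or `X-XSRF-TOKEN`); requests with a Bearer token do not use the cookie or the CSRF header.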
