Reputation: 45
A way to make Laravel API private or restricted
I am now working on a development using Laravel and Vue.js. Vue files are included in Laravel, not separated. The problem is that I set up to send data to frontend(vue) by answering API calls. I've recently deployed my app to VPS, and now anybody can send GET/POST request to the API using curl command... Would you please let me know how I can make the API private/restricted? I would like it to be accessed only by Vue. FYI, I used JWT-auth for the login system.
Upvotes: 1
Views: 1507
Answers (1)
Reputation: 906
You need to pass the token in every request and in the api.php file you can protect routes by api middleware. i recommend you this serie of tutorials: https://blog.peterplucinski.com/setting-up-jwt-authentication-with-laravel-and-vue-part-1/
How to protect routes
Route::group([
'middleware' => 'api',
'prefix' => 'posts'
],
function ($router) {
Route::post('/', 'PostController@index');
});
Another option:
Route::middleware('auth:api')->get('/posts','PostController@index');How to pass token in request the request
axios.get('/api/posts', {
headers: {
Authorization: 'Bearer ' + localStorage.getItem('token')
}
})
.then(response => {
this.data = response.data
}).catch(error => {
})Upvotes: 2
Related Questions
- Make Laravel API only accessible from frontend (no direct access)
- Protect guest user in api calls | Laravel
- Restrict Laravel API access to given frontend(s) only
- How can I restrict API info to user? Laravel 5.7
- How to protect laravel api route from outside access but allow unrestricted access if request comes from frontend?
- make laravel api only accesible by logged users in laravel 7
- Prevent users to access some routes in Laravel and Vue
- Securing internal API endpoint with Laravel
- Laravel - Protect API routes
- Laravel + Vue JS : Prevent access to pages without permission