In this series of posts we will create a very basic REST application using Laravel 5.4. We will create an entity, “Post”, to demonstrate each step.

Create a Project

So let’s start with the basics. Let’s create a project and the database schema.

 SQLite Database Setup

We will keep things simple and use SQLite. Create a database.sqlite file inside the database folder. In the .env file change the DB_CONNECTION property to “sqlite” and remove the rest of the DB_ properties. That should be enough.

 User Schema Changes

For token authentication we need to add a column (api_token) to the users table. Let us go ahead and make the change in the “create_users_table” migration –

Note: We are keeping this field nullable as we intend to generate this token during login and set it to null again when the user logs out. (Login and Logout will be implemented in Part 2 of this article)

Add the column to the factory; that will help us with our initial tests –

Creating the Post Entity

We will create the Post model,

N.B: The “-m” flag creates the relevant migration file, cool eh? 🙂

And in the migration we will add some basic fields for now,

We will add more columns to this table in the subsequent posts.

In the ModelFactory.php let us define a factory for the Post model,

All done with the Model layer. Now let's run the migration

and create a couple of Users

and Posts for testing.

Creating the Controller and Setting up the Routes

Let us get to the next layer and create the PostController with resources.

Note: The “-r” option creates placeholder functions for Resource routing. And “-m” integrates the Controller with a model.

Open the newly created PostController and make some edits to it. First, we don’t need the create and edit methods for REST, so let’s go ahead and delete them. Next, we will put in the code for the rest of the methods. And here is the final PostController.

Since Laravel 5.3 the routes.php file has been split into several files under the “routes” directory, so API routes have their own designated home in the routes/api.php file. The Post resource routes therefore go in api.php.

I have removed the “create” and “edit” as in the PostController. And as you can see we have added the “auth:api” middleware in (I generally test it first without the auth middleware and then go for it when everything is working fine).

Accessing the APIs

Get the “api_token” value from the “users” table. You can use tinker. Now you can set this “api_token” in 2 ways to access the APIs.

Set the “api_token” parameter in the URL, like so

and, as this is really not a secure way (URLs are commonly recorded in server logs and browser history), the better way is to add a header to your request

And we have our secured REST APIs ready. Congratulations!!

Wait, a little more to go.

Handling Unauthenticated

What if you don’t send the api_token? What if you send a wrong one? You will see that you get a bunch of HTML with Laravel errors. We don’t want that; we would like our error messages to be delivered as JSON, right?

There are 2 ways you can handle this.

  1. You do nothing, but when you send your request you add the header “Accept” : “application/json”. You will then get a nice JSON error response with the appropriate response code.
  2. That is all well if you are handling the client as well. But if you are writing a public API which can be consumed by other users, I found a little hack. Open app/Exceptions/Handler.php and make a small change in its “unauthenticated” method

The added substr($request->path(), 0, 3) == 'api' part checks if the route starts with “api”, and delivers the JSON error message.
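The prefix check above, as an added example in plain PHP 7 (not the original post's code): it compares the post's substr test with a stricter first-segment test on constructed paths, showing which unauthenticated requests would get the JSON error. The function names, the sample paths and the stricter variant are assumptions of this example.

```php
<?php
// Added example, not the original post's code. Sample paths are constructed
// and follow the form of $request->path() (no leading slash).

// The check described in the post: any path whose first three characters are "api".
function startsWithApi(string $path): bool
{
    return substr($path, 0, 3) == 'api';
}

// Stricter variant (an assumption of this example): the first path segment
// must be exactly "api", so "apiary/..." or "api-docs" no longer qualify.
function firstSegmentIsApi(string $path): bool
{
    return $path === 'api' || strncmp($path, 'api/', 4) === 0;
}

// Mirrors the decision made in unauthenticated(): JSON 401 when the client
// asked for JSON or the route is an API route, otherwise the HTML response.
function unauthenticatedKind(string $path, bool $expectsJson, callable $isApi): string
{
    return ($expectsJson || $isApi($path)) ? 'json-401' : 'html';
}

// Constructed samples: [path, client sent "Accept: application/json"]
$samples = [
    ['api/posts',     false],
    ['api',           false],
    ['apiary/guides', false], // web page that merely starts with "api"
    ['api-docs',      false],
    ['posts',         false],
    ['posts',         true],
];

printf("%-15s %-7s %-10s %s\n", 'path', 'accept', 'prefix', 'segment');
foreach ($samples as list($path, $expectsJson)) {
    printf(
        "%-15s %-7s %-10s %s\n",
        $path,
        $expectsJson ? 'json' : 'html',
        unauthenticatedKind($path, $expectsJson, 'startsWithApi'),
        unauthenticatedKind($path, $expectsJson, 'firstSegmentIsApi')
    );
}
```

The two checks differ only for “apiary/guides” and “api-docs”, which the three-character prefix test treats as API routes. Inside the handler, Laravel's `$request->is('api/*')` matches routes under api/ in the same segment-anchored way.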

REST with Laravel 5.4 – Part 1: Token Authentication