# Laravel Sanctum Integration
This guide will show Laravel API authentication using sanctum
# Introduction
Laravel Sanctum (opens new window) provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities / scopes which specify which actions the tokens are allowed to perform.
# Installation
You may install Laravel Sanctum via the Composer package manager:
composer require laravel/sanctum
Next, you should publish the Sanctum configuration and migration files using the vendor:publish Artisan command. The sanctum configuration file will be placed in your application's config directory:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
Next, if you plan to utilize Sanctum to authenticate an SPA, you should add Sanctum's middleware to your api
middleware group within your application's app/Http/Kernel.php
file:
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
Sanctum allows you to issue API tokens / personal access tokens that may be used to authenticate API requests to your application. When making requests using API tokens, the token should be included in the Authorization header as a Bearer token.
To begin issuing tokens for users, your User
model should use the Laravel\Sanctum\HasApiTokens
trait:
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
}
Finally, you should run your database migrations. Sanctum will create one database table in which to store API tokens:
php artisan migrate