Sanctum API Authentication

Authenticate API requests with Sanctum personal access tokens or SPA cookie-based auth.

Laravel Sanctum (API Auth)

composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

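// routes/api.php
// Controller namespace below is the Laravel default (assumed).
use App\Http\Controllers\AuthController;
use App\Http\Controllers\PostController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Public: exchanges credentials for a token.
Route::post("/login", [AuthController::class, "login"]);

// Every route in this group requires a valid Sanctum token.
Route::middleware("auth:sanctum")->group(function () {
    Route::get("/me", fn(Request $r) => $r->user());
    Route::post("/logout", [AuthController::class, "logout"]);
    Route::apiResource("posts", PostController::class);
});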

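// AuthController methods. The class needs:
//   use Illuminate\Http\Request;
//   use Illuminate\Support\Facades\Auth;
// and the User model must use the Laravel\Sanctum\HasApiTokens trait.
public function login(Request $request) {
    $request->validate(["email"=>"required|email","password"=>"required"]);
    // Verify the credentials; respond 401 without saying which field was wrong.
    if (!Auth::attempt($request->only("email","password"))) {
        return response()->json(["message"=>"Invalid credentials"], 401);
    }
    // The plain-text token is only available here; Sanctum stores a hash of it.
    $token = $request->user()->createToken("api")->plainTextToken;
    return response()->json(["token" => $token]);
}

public function logout(Request $request) {
    // Revoke only the token that authenticated this request.
    $request->user()->currentAccessToken()->delete();
    return response()->json(["message" => "Logged out"]);
}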
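
The login above issues a token with every ability and no per-token expiry, on an endpoint with no rate limit. As an added example (not the tutorial's own code), this routes/api.php variant throttles login, scopes and expires the token, and shows both revocation modes. It assumes Sanctum 3 or later, a User model using the HasApiTokens trait, and the illustrative ability names, limits and /logout-all route shown.

```php
<?php
// routes/api.php (added example, not the tutorial's code). Assumed values:
// the posts:read / posts:write ability names, throttle rate, 8-hour lifetime.
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    $data = $request->validate([
        'email'    => 'required|email',
        'password' => 'required|string',
    ]);

    $user = User::where('email', $data['email'])->first();

    // Same status and body for an unknown e-mail and a wrong password.
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    // Scoped abilities instead of the default ['*'], plus an expiry time.
    $token = $user->createToken('api', ['posts:read', 'posts:write'], now()->addHours(8));

    return response()->json([
        'token'      => $token->plainTextToken,
        'expires_at' => $token->accessToken->expires_at,
    ]);
})->middleware('throttle:5,1'); // at most 5 attempts per minute per client

Route::middleware('auth:sanctum')->group(function () {
    Route::get('/posts', function (Request $request) {
        // tokenCan() checks the abilities stored with the presented token.
        abort_unless($request->user()->tokenCan('posts:read'), 403);
        return response()->json(['ok' => true]); // placeholder payload
    });

    // Revoke only the token used for this request.
    Route::post('/logout', function (Request $request) {
        $request->user()->currentAccessToken()->delete();
        return response()->json(['message' => 'Logged out']);
    });

    // Revoke every token the user holds, e.g. after a password change.
    Route::post('/logout-all', function (Request $request) {
        $request->user()->tokens()->delete();
        return response()->json(['message' => 'All tokens revoked']);
    });
});
```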

Topic Quiz · 2 questions

Test your understanding before moving on

1. What does Sanctum provide?
💡 Laravel Sanctum provides simple token-based and SPA cookie-based authentication.
2. How do you protect API routes with Sanctum?
💡 Route::middleware("auth:sanctum") protects routes requiring a valid Sanctum token.