NigelDorning

Choosing the right API solution

Hi, hope all is well.

Currently planning a project at work and it seems like we're going to need to create an API. I've experience consuming them but never made one before and the authentication/authorization is confusing me.

So the project is going to require a handful of sites to feed into the Laravel application, so it seems to me that we don't want to issue API keys for users but just for these handful of sites. I'm just lost as to how to generate the keys for the sites and what type of authentication method to use.

I believe I'll need the client credentials grant but I'm not sure and a little lost on how to set it up. Or would Sanctum be an easier solution?

Thanks a lot.

martinbean

@nigeldorning For OAuth, client credentials grant would be suitable if the third party has a system that needs to integrate with your API, and there’s no “person” in the middle.
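The system-to-system exchange described in the reply above, as an added example that is not part of the thread or of Laravel Passport's own code. It is written for Node 18+ running on the integrating site's server, with the client secret read from that server's environment. `/oauth/token` is Passport's default token route; the host `api.example.test`, the `PASSPORT_*` environment variable names and all sample values are assumptions.

```javascript
// Added example (not from the thread). Runs in Node 18+ on the integrating site's server.
// Assumed names: api.example.test, the PASSPORT_* env vars, and any sample values.
const TOKEN_PATH = '/oauth/token'; // Laravel Passport's default token route

// Build the form-encoded token request for the client credentials grant.
function buildTokenRequest(baseUrl, clientId, clientSecret, scope = '') {
  if (!clientId || !clientSecret) throw new Error('client id and secret are required');
  const url = new URL(TOKEN_PATH, baseUrl);
  if (url.protocol !== 'https:') throw new Error('token endpoint must use https');
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: String(clientId),
    client_secret: clientSecret,
    scope,
  });
  return {
    url: url.href,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
    body: body.toString(),
  };
}

// Validate the JSON token response and record when the token stops being usable.
function parseTokenResponse(json, nowMs = Date.now()) {
  if (json.error) throw new Error(`token request refused: ${json.error}`);
  if (json.token_type !== 'Bearer' || typeof json.access_token !== 'string') {
    throw new Error('unexpected token response');
  }
  return { accessToken: json.access_token, expiresAt: nowMs + Number(json.expires_in) * 1000 };
}

// Reuse a cached token until shortly before expiry instead of requesting one per call.
function isUsable(token, nowMs = Date.now(), skewMs = 30000) {
  return Boolean(token) && nowMs + skewMs < token.expiresAt;
}

let cached = null;
async function getToken(env = process.env) {
  if (isUsable(cached)) return cached.accessToken;
  const req = buildTokenRequest(env.PASSPORT_URL, env.PASSPORT_CLIENT_ID, env.PASSPORT_CLIENT_SECRET);
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  cached = parseTokenResponse(await res.json());
  return cached.accessToken;
}

// Attach the token to an API call as a bearer credential.
function authHeader(accessToken) {
  return { Authorization: `Bearer ${accessToken}` };
}
```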

NigelDorning

Hi, thanks for your reply.

So if I set up the grant type using php artisan passport:client --client, how would I send a request through JavaScript to authenticate?

Worth mentioning that the data would be coming in from a form, so would this still be an appropriate solution?

Thanks again.

NigelDorning

Okay, so I think I'm getting somewhere with the Client Credentials Grant but have a few more questions.

As the sites will be sending Ajax requests to the Laravel application when a form is submitted, how do I secure the client and client secret on the front-end?

Also, is it possible to set up a one-and-done type bearer token? These forms are just contact forms that we want to capture some data from.

Thanks a lot for your help.
