taijuten

General Advice - How to handle API authentication (and databases)

I'm looking into building my first API with Laravel 5. Most concepts I get, but there's one thing I'm not quite sure of.

So far I have two separate projects:

  • Api
  • Front-end

The idea being that the front-end and API are stand-alone, and further front-ends can be developed later such as platform-specific apps etc.

I understand that each request would require authorization in order to be considered RESTful, but how should this be handled on the front end? A user will be required to "log in" to the front-end, and the user data would presumably be held on the same database as the API information.

My question in essence is, once the user is authorised with the API, how should this authorisation be persisted on the front-end? Would a front-end database normally be employed, keeping sessions etc and thus making the front-end unRESTful?

Sorry for the non-Laravel-specific question, though both front-end and API are being constructed in Laravel.

0 likes
3 replies
khoanguyenme

@taijuten

My question in essence is, once the user is authorised with the API, how should this authorisation be persisted on the front-end?

In a RESTful API, after authentication you will get an access token. Your front-end has to send this access token on every request to the API. The backend (API) will validate this access token and provide information.

If you are building a web API consumer, you can have a fallback cookie option (so users don't have to authenticate every time they close the browser tab). On other API consumers (mobile apps, for example) you can store the access token someplace safe.

1 like
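
The token flow described in the reply above, as an added example that is not part of the original thread: the API issues an opaque token after login, keeps only its SHA-256 hash, and checks the token sent with each request. The `TokenStore` class, the in-memory array standing in for an API-side table, the `Authorization: Bearer` header format and all sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. All names are hypothetical.

final class TokenStore
{
    /** @var array<string, array{user_id:int, expires_at:int}> keyed by SHA-256 of the token */
    private array $rows = [];

    // Called by the API once it has verified the user's credentials.
    public function issue(int $userId, int $ttlSeconds, int $now): string
    {
        $token = bin2hex(random_bytes(32));           // 256-bit opaque token
        $this->rows[hash('sha256', $token)] = [       // persist only the hash
            'user_id'    => $userId,
            'expires_at' => $now + $ttlSeconds,
        ];
        return $token;                                // returned to the client once
    }

    // Called by the API on every request. Returns the user id, or null to reject.
    public function validate(?string $authorizationHeader, int $now): ?int
    {
        if ($authorizationHeader === null
            || !preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
            return null;                              // missing or malformed header
        }
        $row = $this->rows[hash('sha256', $m[1])] ?? null;
        if ($row === null || $row['expires_at'] <= $now) {
            return null;                              // unknown or expired token
        }
        return $row['user_id'];
    }
}

// Constructed demo: the front-end holds only the token and replays it.
$api    = new TokenStore();
$now    = 1700000000;                                 // constructed timestamp
$token  = $api->issue(42, 3600, $now);                // the "login" response
$header = 'Bearer ' . $token;                         // sent on each API request

var_dump($api->validate($header, $now + 60));         // token within its lifetime
var_dump($api->validate($header, $now + 7200));       // same token after expiry
var_dump($api->validate('Bearer ' . str_repeat('0', 64), $now)); // never issued
var_dump($api->validate(null, $now));                 // request without a header
```

Because the API stores only the hash, a leaked tokens table does not yield usable tokens, and the front-end needs no database of its own to stay authenticated.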
