Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
What is the best approach when building SPA applications. To use existing auth:routes in web routes or to create our own login, register, etc. links in api routes?
@ivanradojevic best to add specific routes for your api as the behaviour of the Auth methods whilst similar is won’t be exactly the same.
You want to return json objects rather than render views for example. You’ll not want to do any redirects either.
Depending on how your build your api, you may also want to use a conventional Auth layer to allow you to administer it do keeping standard auth routes would also be good for this.
@ivanradojevic It’s probably worth reading up on how SPAs work if you’re asking this question.
A SPA (single-page application) lives on the client (i.e. as JavaScript). Therefore, you can’t use session-based authentication. Instead, you’ll need to use something like Passport or Sanctum to authenticate your user using tokens. You then no longer “log in” in the traditional sense; you instead request a token that you store and use on the client side to authenticate requests to your application’s API.
For SPA authentication "Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services...".
Personally I use inertiajs to build SPAs. Uses laravel default logic for most things (auth, routing etc)
@sinnbeck inertiajs looks pretty neat.
Bit puzzled by their claims that you aren't building an API. Writing controller methods that return data in a form to be consumed by a js frontend certainly smells like an API to me.
Looks like its worth checking out though.
Please or to participate in this conversation.