I'd like to ask whether it is a good idea to use the default authentication shipped with Laravel as a way to secure my basic API.
I have got a web interface for my app, which sometimes needs to make an API request, let's say, to get all the messages belonging to a user. Now, the mini API that I made will only be used for AJAX requests from the web interface, i.e. in order to be able to request something through the API, the user has to log in view the web interface. Is it a good way to secure the API using some kind of modified default Auth middleware or something similar?
I'd like to ask whether it is a good idea to use the default authentication shipped with Laravel as a way to secure my basic API.
Sure, that's what it was made for. However, please define "default authentication". There are at least two ways: Login and store in a cookie (behavior in a normal web app) or do HTTP Basic Authentication.
If your user must be logged in and sends an AJAX request to the same domain, the cookie is usually send along and you can simply use the default Auth stuff for your API. No need to modify the default Auth middleware at all. However, if it should be possible to send API requests from somewhere else (e. g. native app), you must use a different authentication mechanism.
API in your case seems to be just another word for "return stuff via AJAX".
@cm
Thanks for a quick reply. Yes, basically it will only be used for serving data to the AJAX requests for which I plan to use the default Laravel Auth middleware = default authentification. I have missed that series of videos, thanks for the link.
