spacerror's avatar

Blade frontend with API's

Hello peepz,

I just recently joined, and have been learning Laravel for a few weeks, so forgive me if my question seems a bit vague.

So I have this problem.

I'm trying to use API to POST and GET stuff from blade views (so no third-party frameworks/libraries such as Vue, React or Angular).

So I have been successful doing it without any protections (tokens, passport). Now I'm having a hard time getting the hang of making that, cause I have this mindset where I feel passport is made to get access from outside of the application and I cannot figure out a way if I have to use it to get access from "inside".

Btw I have set up all of passport with tables, providers etc.

If you know of some guide for dummies which could make me understand how it works better I'd appreciate.

0 likes
18 replies
spacerror's avatar

Thanks for the response, but my issue isn't with API, I'm familiar with its stateless nature, my issue is with its security and implementing it.

If you read my issue properly you'd probably figure it out.

Dunno if it's sarcasm, but thanks anyway.

jlrdw's avatar

In an API it's token-based. Did you thoroughly read over https://laravel.com/docs/5.6/eloquent-resources

I had assumed you read the Laravel docs already.

Of course you can JSON-decode incoming data and loop through and display the data in HTML or Blade. Of course it should go without saying that you are free to loop your data any way you wish.

Besides, here you should definitely do a web search for other good tutorials on using an API with PHP, because whatever you learn with PHP will also apply to Laravel since it's a PHP framework.

spacerror's avatar

I think we are miscommunicating.

I'll set my question simple now.

How do I set up authorization for API's if frontend (blade) and backend are on the same spot (server). I'm mixing up web.php routes for showing views and hopefully api.php routes for CRUD.

If I found anything in docs specific for my issue, I wouldn't be here asking question.

P.S. I have resources set up

jlrdw's avatar

Okay then something else to look into, I've seen where many folks have used guzzle to do the post. I haven't used guzzle myself but maybe that could be your next thing to study up on.

I was curious so I found this http://docs.guzzlephp.org/en/stable/quickstart.html#post-form-requests

If you search I believe straight PHP will handle this stuff but I think a lot use guzzle to make it easier.

tykus's avatar

Why exactly are you using an API? If the app (serving Blade views) and api both live on the same application, and you are not using AJAX, then separating entry points to your application makes little sense.

jlrdw's avatar

Also along with what @tykus said, if you are only trying to write an application that is also mobile-friendly, technically you don't need to use an API.

You can make an application mobile-friendly by using media queries; if you are unfamiliar with media queries there are plenty of tutorials on them.

Of course I could be wrong on your intent, I was just throwing that in to be helpful.

But yes, you could do an API without Vue, Angular, React. Not knowing for sure, perhaps you should look into a RESTful API and how that works.

spacerror's avatar

  1. I'm trying to use API to make RESTful application (no refreshing)
  2. Who said I'm not using AJAX or axios?
  3. Makes sense when one is making RESTful app without separate frontend MPA or SPA.
  4. I already have this application made on .NET which I'm trying to recreate in Laravel, and cause it has a lot of dynamic lists and dropdowns, it's much easier to serve stuff using API.

jlrdw's avatar

Well, first of all, if you have done this in ASP.NET it will be the same in PHP; the HTML is exactly the same.

In fact it should be almost nothing to duplicate this in PHP.

And Ajax is the same in all of the languages.

I have used Ajax pretty much the same in both Java and PHP.

tykus's avatar

Ok, that was not so clear earlier.

You do not need tokens in this case; to solve the issue, define your API routes in the web.php to take advantage of session, cookies etc. for authenticating the request as coming from inside your application. Just define a Route::group() if you wish to namespace the URIs that you will request with AJAX.

1 like
spacerror's avatar

Well never did I say I'm having issues with frontend. Backend auth is what bugs me, how to set it.

Cronix's avatar
Best Answer

Do you have Laravel's auth set up? https://laravel.com/docs/5.6/authentication

So users register and create the account and log in. They are now authenticated.

Then you just need to put your routes that require the user to be authenticated in a middleware group. https://laravel.com/docs/5.6/middleware#middleware-groups

Route::group(['middleware' => ['auth']], function () {
    // all routes that require user to be authenticated

    Route::get('/some-endpoint', 'SomeController@SomeMethod');
});

Public routes (like homepage, etc) would be outside of that route group. Anybody trying to access a route in that group will be denied if they aren't logged in.

1 like
spacerror's avatar

So I can use that standard auth for API's too? Awesome!

Cronix's avatar

Yes, the user just needs to be logged in. Of course your ajax calls (all calls actually) that use POST/PUT/PATCH/DELETE verbs need a csrf token.

If you're using the default js libraries that laravel mix is set up for (axios being one of them) and you've run npm install to install them and npm run dev to compile them, and include the default app.js file that it creates, then it's all set up. You just need to create the metatag in the head of your main view template and axios will automatically read it and send it in the headers on every request.

<meta name="csrf-token" content="{{ csrf_token() }}">

https://laravel.com/docs/5.6/csrf#csrf-x-csrf-token
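What the axios setup described above does on each request, written out by hand as an added example (not code from this thread or from Laravel). The `/ajax/items` URL, the function names and the `fakeDocument` stand-in are assumptions made for illustration; the status handling relies on Laravel's default responses of 401 for an unauthenticated JSON request and 419 for a CSRF token mismatch.

```javascript
// Added example: session + CSRF protected AJAX against routes in web.php.
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Read the token from <meta name="csrf-token" content="...">.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Build the arguments for fetch(url, init) against a session-protected route.
function buildRequest(doc, method, url, data) {
  const verb = method.toUpperCase();
  const headers = {
    Accept: 'application/json', // ask for JSON errors, not a redirect to the login page
    'X-Requested-With': 'XMLHttpRequest',
  };
  // same-origin: the browser attaches the session cookie, but only to our own origin
  const init = { method: verb, headers, credentials: 'same-origin' };
  if (STATE_CHANGING.has(verb)) {
    const token = readCsrfToken(doc);
    if (!token) throw new Error('csrf-token meta tag is missing from the layout');
    headers['X-CSRF-TOKEN'] = token;
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(data || {});
  }
  return { url, init };
}

// Map response status codes to what the page should do next.
function nextAction(status) {
  if (status === 401) return 'redirect-to-login'; // session missing or expired
  if (status === 419) return 'reload-page';       // CSRF token missing, stale or mismatched
  if (status === 403) return 'show-forbidden';
  return status >= 200 && status < 300 ? 'ok' : 'show-error';
}

// Constructed stand-in for `document` so the example also runs outside a browser.
function fakeDocument(token) {
  const meta = token === null ? null : { getAttribute: () => token };
  return { querySelector: (sel) => (sel === 'meta[name="csrf-token"]' ? meta : null) };
}

const doc = fakeDocument('constructed-token-123'); // constructed sample value
console.log(buildRequest(doc, 'get', '/ajax/items').init.headers);
console.log(buildRequest(doc, 'post', '/ajax/items', { name: 'demo' }).init.headers);
```

In a browser, pass the real `document` and hand the result to `fetch(url, init)`, then feed `response.status` to `nextAction`.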

Cronix's avatar

> So I can use that standard auth for API's too? Awesome!

What you're doing technically isn't an api, so yes, this will work. You're just making ajax requests to your same app.

No other sites/apps can use your api with tokens, etc., like you can with a real api. Only your regular users who navigate to your website and login with the login form can. There is a difference.

spacerror's avatar

Just one more notice if anyone else happens to come across same issue. Use web.php instead of api.php for API calls, if you use standard auth, it works just like it should.

Thanks everyone who was involved.
