Level 53
Sep 23, 2019
5
Level 27
API
Hello,
I am building API and I wonder if you use middleware for API security and you call the api through Mobile apps react native. I wonder how to make the call possible? Does it require the user to login first or what?
As far as now, I have to turn off the middleware to make the API works and the mobile apps is also in progress.
Level 27
Does it always require the user to pass the user token everytime it needs to call the api?
So for post request I have to use:
$response = $client->request('POST', '/api/user', [
'headers' => [
'Authorization' => 'Bearer '.$token,
'Accept' => 'application/json',
],
]);
For GET request do I have to create a query string url in the api?
$response = $client->request('GET', '/api/user?api_token='.$token);
Level 53
@davy_yg yes, you should pass a token for each request because API is stateless.
No, you can use header or query string (or even both) for both GET and POST requests.
Level 27
Check this code:
ApiTokenController.php
class ApiTokenController extends Controller
{
/**
* Update the authenticated user's API token.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function update(Request $request)
{
$token = Str::random(60);
$request->user()->forceFill([
'api_token' => hash('sha256', $token),
])->save();
return ['token' => $token];
}
}
What does this line for?
$request->user()->forceFill([
'api_token' => hash('sha256', $token),
])->save();
For the token in which table do I need to add the column token supposing that I want to return product_api ?
product table or user table?
Level 53
What does this line for?
Well, the comment above clearly states what it does Update the authenticated user's API token..
For the token in which table do I need to add the column token supposing that I want to return product_api ?
Not sure what you are talking about, but you should store the token in users table.
Please or to participate in this conversation.