Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

bellini's avatar

Api authentication not working

Hey, i created an simple API that is working just fine, i then followed passport installation guide on the docs. My objective is to only allow users of the app to see their own api results, although i still can see all the api results without being authenticated. Am i missing some step?

api route:

Route::resource('tracker', 'TrackerapiController');

api controller:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Tracker;
use App\Http\Resources\TrackerResource;

class TrackerapiController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $trackers = Tracker::paginate(5);
        return TrackerResource::collection($trackers)->additional(['meta' => [
            'version' => '1.0.0',
            'API_base_url' => url('/')
          ]]);
    }

Resource:

<?php

namespace App\Http\Resources;

use Illuminate\Http\Resources\Json\JsonResource;
use App\Tracker;

class TrackerResource extends JsonResource
{
    /**
     * Transform the resource into an array.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    public function toArray($request)
    {
      return [
        'id' => $this->id,
        'user_id' => $this->user_id,
        'value_entered' => $this->value_entered,
        'amount' => $this->amount,
        'coin' => $this->coin,
        'created_at' => $this->created_at,
        'updated_at' => $this->updated_at

      ];
    }
}

As far as Laravel Passport is concerned i followed all the steps in here https://laravel.com/docs/5.7/passport until the Frontend Quickstart part.

0 likes
2 replies
arukomp's avatar
arukomp
7 years ago
Best Answer
Level 10

Yes. Middleware.

Route::resource('tracker', 'TrackerapiController')->middleware('auth:api');

Or just put it within a group containing the middleware:

Route::group(['middleware' => ['auth:api']], function () {
    Route::resource('tracker', 'TrackerapiController');

    // ... other api resource controllers
});
bellini's avatar

@ARUKOMP - Thank you. Another question, how can i change this protected $redirectTo, to give me the intended url of the user, because instead of the api path i am getting /home everytime.

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }
}

Please or to participate in this conversation.