Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi guys, I am working on an API application that uses Sanctum for authentication. My intention is to have users register but also get assigned a personal access token that will be used for authenticating API calls.
How should do I go about the implementation? Should I also also generate a second token at registration and send that as the Personal Access Token or is there a better way to implement it.
You could issue the API token when they register for an account. modify the store method in the Registration Controller located in Http\Controller\Auth folder.
See: https://laravel.com/docs/9.x/sanctum#issuing-api-tokens on how to issue tokens.
I wouldn't send the token to the user via email however. But rather show it to them after they have logged in.
@staybold since I am using Sanctum, at registration I am already issuing a token with createToken , is it okay to also generate another token I can store on the users table and use it for specifically for the API endpoint authentication ?
Please or to participate in this conversation.