Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

kendrick's avatar

API route based on authenticated user?

I have a component where I fetchBookings() for through an API route, and Echo.private all BookingCreated for $doctor, through an authenticated broadcast channel.

Through the API route I fetch all Bookings, but actually only want to fetch $doctor->bookings()

BookingListComponent.vue <booking-list :doctor="{{ $doctor }}"></booking-list>

<template>
    <div>    
      <div class="row">
        <div v-for="booking in bookings">   
          <booking :booking="booking"></booking> 
        </div>  
      </div>  
    </div>
</template>

<script>

export default { 

    props: ['doctor'],

    data() {
        return {
            bookings: [], 
        }
    },
    
    created() { 
        if (!this.bookings.length) {
            this.fetchBookings();
        }
    
        Echo.private(`Bookings.${this.doctor.id}`)
        .listen('BookingCreated', (e) => {
            this.fetchBookings();
        });

     },

     methods: {
       fetchBookings(){
           axios.get('/api/bookings').then(response => this.bookings = response.data.data);
       }
    }  


};
</script>

api.php

Route::get('bookings', function () { 
    return BookingResource::collection(Booking::all()); 
    
    // here I get all Bookings, but actually only need to fetch $doctor->bookings()
});

Is this possible through an Api route, to get $doctor, or should I just turn the bookings prop into:

data(){
    return{
        bookings: this.doctor.bookings  
    }
}
0 likes
6 replies
bobbybouwmann's avatar
bobbybouwmann
6 years ago
Best Answer
Level 88

You can adjust the route to just the doctor like so

Route::get('bookings/{docter}', function (Docter $docter) { 
    return BookingResource::collection($doctor->bookings()->get());
});

Both solutions are fine, it just depends on your needs ;)

2 likes
kendrick's avatar

fetchBookings(){
    axios.get('/api/bookings/' + this.doctor).then(response => this.bookings = response.data.data);
}

returns a 404 not found on /api/bookings/[object%20Object]

Nakov's avatar

@splendidkeen

in your script this.doctor returns an Object.. you should use this.doctor.id maybe?

kendrick's avatar

@bobbybouwmann - Sorry for coming back, but this is giving me major headaches.

I found, that if I visit /api/bookings/1 I get the bookings in JSON format from the DB for the doctor with the id 1.

The problem is, if I change the 1 to 2 in the url, I get bookings in JSON format from the doctor with the (id: 2), still logged in as doctor (1).

Also created a new conversation (https://laracasts.com/discuss/channels/laravel/api-route-restrictions) for it - but what am I failing to implement, so that this problem can be solved?

Somehow the $doctor = Auth::user()->doctor()->findOrFail($id); can't be accessed within the API-Route, even though within the view, it is accessible e.g. if I dd($doctor) in the Controller.

Please or to participate in this conversation.