Best practice for secure route access from external website

Posted 4 months ago by snickfire

I’m creating an rest api with laravel and I’m using a third party service and this make a postback to my web giving me some important data. I want to create a /api/postback route and give access to this third party web only. I know that checkclient middleware is for any client. If some user creates a client will get access to this route. I want this route only for 1 client associated to this 3rd party website.

I beleive i can create a passport client then generate token with this client and use this token with postback url, then check if(user_id ==1) then give complete access. But I don’t know if this is good practice, maybe there are other ways to do this.

In the documentation says that Client Credentials grant tokens works for machine to machine and for creating specifics tasks to our websites but doesn’t explain how https://laravel.com/docs/5.8/passport#client-credentials-grant-tokens

Maybe you can help me understand

Thanks in advance

Please sign in or create an account to participate in this conversation.