Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Maison012's avatar

Cant login with tenant with api routes

Hello all, i am trying to interact with api routes for tenant on my laravel app. So i have installed tenancyforlaravel package. I have configured successfully web based routes and they work well, also api routes for central domain. But making api routes for tenant domain has become a good callange for me. So then i have created new file under /routes/tenant/api.php and i call this route on /routes/tenant.php require __DIR__.'/tenant/api.php';

// api.php `/routes/tenant/api.php`

Route::prefix('v1')->group(function () {
    // Define your tenant-specific API routes here
    Route::controller(RegisterController::class)->group(function()
    {
        Route::post('login', 'login');        
    });
});

And also i have created /app/Http/Controllers/API/Tenant/RegisterController.php with login function

public function login(Request $request)
{
    // dd("Tenant Login"); 
    if(Auth::attempt(['email' => $request->email, 'password' => $request->password]))
    { 
        $user = Auth::user(); 
        $success['token'] =  $user->createToken('MyApp')->plainTextToken; 
        $success['name'] =  $user->name;
        return $this->sendResponse($success, '', 'User login successfully.');
    } else { 
        return $this->sendError('Unauthorised.', ['error'=>'Unauthorised']);
    } 
}

Who should make login when i run thishttp://foo.localhost:8000/v1/login on postman. But return me

{
    "success": false,
    "message": "Unauthorised.",
    "data": {
        "error": "Unauthorised"
    }
}

Does anyone how can i make this to work? I mean this should login the tenant profile, not the central profile

0 likes
3 replies
martinbean's avatar

@maison012

  1. Why are you trying to create a “login“ route? You don’t “log in” to an API; you use a token to authorise the user.
  2. Why are you returning success in the response body? That’s completely unnecessary. The client knows whether the request was “successful” or not based on the HTTP status code.
Maison012's avatar

@martinbean

Why are you trying to create a “login“ route? You don’t “log in” to an API; you use a token to authorise the user.

How can i auth by token? I mean where can i get this token?

Why are you returning success in the response body? That’s completely unnecessary. The client knows whether the request was “successful” or not based on the HTTP status code.

It was jut my choise also the tutorial i found online, i can remove but i think this is not the problem.

Maison012's avatar

@martinbean I have meke some changers based on what you suggest me. so then i have done this

On the UserController

public function issueAPIToken()
    {
        $user = Auth::user();
        $token = $user->createToken('api-token')->plainTextToken;
        
        return redirect()->back()->with('success', $token);   
    }

and then on tenant.php route

// Issue Api Token
        Route::get('/user/issue-token', [UserController::class, 'issueAPIToken'])->name('users.api.token');

So i can access this route when i am loged in as tenant, then i create new token for my loged in tenant from the webview. But now when i do this on postman

http://foo.localhost:8000/api/v2/user
//Headers
[{"key":"Accept","value":"application/json",},{"key":"Authorization","value":"Bearer 5|jhAzwH....",}]

i get "message": "Unauthenticated."

But this work if i try to generate token for my central users, and for tenant is not working. Any idea how to fix this if this is the right way?

Please or to participate in this conversation.