Level 1
I should add also, this API is for internal applications, only.
The public won’t be able to access it directly, I am using Passport.
I have been told you can bypass tokens using Passport internally using self authentication?
Mar 7, 2021
7
Level 1
Consuming API
I am developing a frontend for a API.
It’s built in Laravel, the front end and in the same application so is the API.
What’s the best way of making calls to that API without having to authenticate each request as it’s coming from the same application?
Level 104
APIs are stateless. If you need to know who is making a request, then you need to send a token to identify the user
Level 1
Not what I meant, I am using Web Routes and well as API routes in a single Laravel application.
How can I use the API routes without having to authenticate?
Level 5
You could set up your CORS configuration in Laravel to only accept requests from your domain (allowed_origins).
Level 1
With that as a solution, would I still need to send bearer tokens with each request?
Level 80
@jwhm You’re not really making any sense. You say you’re using Passport (OAuth authentication) but then say you don’t want to use authentication. Make your mind up.
If you don’t want to authenticate API requests, then remove the auth:api middleware from your API routes. But, that does then mean if the application is publicly-accessible, then any one will now be able to access your API endpoints.
Level 1
I want to use Passport for external connections, and bypass authentication from local host?
Please or to participate in this conversation.