gbdematos

Creating an API with Laravel 5.3 (A lot of questions)

Hi!

So, I am really new to this API stuff. I developed a few websites before using just PHP with no framework, and then using Laravel after learning it. Now I'm learning Vue, and I was creating an API for my application (only to self consume for now), this way:

  • Dingo to handle routes, responses, etc.
  • Authentication only on the back end, if something goes wrong (like, an authenticated user trying to edit something or access some other user content), it results in an error... I'm pretty sure this is not the best method, but I tried really hard to understand that JWT Auth, and couldn't find a source to get me going...

I had to pause the development, and when I returned and knew that Laravel 5.3 would handle API, auth, and Vue more effortlessly, I decided to wait for the release... Now, I'm starting to develop this API again, but I'm coming up with a lot of questions...

At first, I tried accessing API routes manually (or with Postman) but couldn't, so I read about Passport and I'm trying to use it now.

  • If I want to make an API to self-consume, should I go through all the process of installing Passport, just to use one client?

  • What is the default alternative for Laravel Passport? Because without installing Passport and with the driver set to "token", the API just doesn't work (I get redirected to "/" when trying to make a manual request).

  • What about normal User Authentication, does this have anything to do with it? At first, I thought OAuth2 was about authenticating users, and Passport was an alternative for JWT Auth... But I was clearly wrong... So I still have to use something like JWT to manage this?

  • To self-consume, should I use only ONE token for my client, or should each user have their own token? This is the main thing I'm not understanding.

  • Is it still recommended to use Dingo, or does Laravel 5.3 now handle API & Response related things better?

Can someone help me, or point me in the right direction/resource? What should I use to make a really simple API to self-consume, that can handle user authentication?

Thanks!

0 likes
2 replies
davorminchorov
  • Laravel Passport will be used for OAuth 2 servers (OAuth 2 authentication)
  • JWT Authentication can be used as an alternative to OAuth 2, which I believe is easier.
  • Every user will have his/her own token.
  • Normal authentication doesn't work with APIs because you don't have sessions when working with APIs. APIs are stateless and you authenticate on each request basically (or well you check for the token on each request).
  • If Dingo gets updated for 5.3 very soon, sure, use it, but I see it's not really actively developed (last time I checked). The things Dingo helps you with can be done by yourself. You don't need all those things at the start, you can just implement them slowly throughout your

I'll recommend you to read Build APIs You Won't Hate by Phil Sturgeon if you want / can / have free time.

Also, when building APIs, it's a little bit different compared to traditional web applications, so it might be more complicated when you start working this way.

12 likes
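
The per-user tokens and the stateless check on each request described in the reply above, as an added example that is not part of the original thread. It is plain PHP and does not use Laravel, Passport, JWT or Dingo; the function names, the `$users` array standing in for a users table, and the sample post are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a users table. Only the SHA-256 hash of each
// token is stored, so a leaked table does not leak usable tokens.
$users = [];

// Issue a token for one user; the plaintext goes to that client once.
function issueToken(array &$users, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$userId] = ['id' => $userId, 'token_hash' => hash('sha256', $token)];
    return $token;
}

// Stateless check run on every request: no session, only the header.
function authenticate(array $users, array $headers): ?array
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $auth, $m)) {
        return null; // missing or malformed header
    }
    $candidate = hash('sha256', $m[1]);
    $found = null;
    foreach ($users as $row) { // constant-time comparison per row
        if (hash_equals($row['token_hash'], $candidate)) {
            $found = $row;
        }
    }
    return $found;
}

// Authentication says who is calling; authorization says what they may edit.
function updatePost(array $users, array $headers, array $post): int
{
    $user = authenticate($users, $headers);
    if ($user === null) {
        return 401; // no valid token
    }
    return $post['owner_id'] === $user['id'] ? 200 : 403; // 403: not the owner
}

$aliceToken = issueToken($users, 1);
$bobToken = issueToken($users, 2);
$post = ['id' => 10, 'owner_id' => 1]; // constructed sample record

echo updatePost($users, ['Authorization' => "Bearer $aliceToken"], $post), "\n";
echo updatePost($users, ['Authorization' => "Bearer $bobToken"], $post), "\n";
echo updatePost($users, [], $post), "\n";
```

Because each user holds a separate token, the server can tell an unauthenticated caller apart from an authenticated user reaching for another user's content, which a single shared client token cannot do.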
gbdematos

@Ruffles thank you for your reply! I devoured this book in 2 days after your recommendation, good reading... helped me a lot! Thanks.

1 like
