
telecoder's avatar

Fail to call API with error 403

I am on Laravel 8.6.

Here's what I am trying to do:

a. The user logs in from the website and the Laravel token is set in a cookie.
b. He presses the grocery button.
c. It calls this remote API URL to retrieve his own grocery list.

(Sometimes it returns http_code 200, sometimes http_code 403: 50% success, 50% fail.)

What might be going wrong?

$ch = curl_init();
$headers = array(
    'Authorization: Bearer '. $_COOKIE['authtoken'],
    'accept: application/json'
    );
curl_setopt($ch, CURLOPT_URL,SSO_URL."/api/grocery/grocerylist");
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$server_output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close ($ch);

At the API side:

auth.php

'api' => [
    'driver' => 'token',
    'provider' => 'users',
    'hash' => false,
],

api.php

Route::middleware('auth:sanctum')->get('/grocery/grocerylist', function (Request $request) {
    $res = $request->user()->getGrocery();
    return json_encode($res);
});

Kernel.php middlewareGroups:

'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],

VerifyCsrfToken.php:

protected $except = [
    '/api/grocery/grocerylist',
];

0 likes
2 replies
Snapey's avatar

server post to the same server???

telecoder's avatar

@Snapey The web is server1; this API with the database is sitting on server2. Login and logout are no problem; the token is generated and always available in the cookie, but the API middleware call to GET / POST sometimes succeeds with 200 and sometimes fails with 403.
