Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mankowitz's avatar

How to do basic auth for a single user for api?

I am setting up an integration between another system and my Laravel App. The other system asks me to provide a username:password pair which it then uses to access my App. What is the best way to achieve this? I don't necessarily want to add this user to my users table, although I could if that would help. This is what I've done so far:

In web.php:

    Route::post('/PCC/webhook', 'PointClickCareController@handleWebhook');

In PointClickCareController.php:

    public function handleWebhook(Request $request)
    {
        $header = $request->header('Authorization');
        Log::info("webhook header: " . $header);
        $expectedAuthString = base64_encode($this->webhookUser . ":" . $this->webhookPass);
        Log::info("webhook auth expected: " . $expectedAuthString);
        if ($header != $expectedAuthString) {
            Log::info("webhook auth FAILED");
            abort(403, 'Unauthorized action.');
        }

In my access.log, I can see that the other system is attempting to connect to /PCC/webhook with the correct username, but none of the Log data is showing up.

0 likes
2 replies
adrian.nuernberger's avatar
adrian.nuernberger
7 years ago
Best Answer
Level 23

Heres how i did it

Add a new config file (app/config/baseauth.php)

return [
    'users' => collect([
        ['username', 'secret'],
        ['otherUser', 'secret123'],
    ]),
];

Create a middleware php artisan make:middleware BasicAuthenticate

namespace App\Http\Middleware;

use Closure;

class BasicAuthenticate
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (config('baseauth.users')->contains([$request->getUser(), $request->getPassword()])) {
            return $next($request);
        }

        return response('You shall not pass!', 401, ['WWW-Authenticate' => 'Basic']);
    }
}

Register your middleware app/Http/Kernel.php

...
protected $routeMiddleware = [
	'auth' => \App\Http\Middleware\BasicAuthenticate::class,
	'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
	'can' => \Illuminate\Auth\Middleware\Authorize::class,
	'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
	'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
...

Use your new middleware in your route file

Route::post('/PCC/webhook', 'PointClickCareController@handleWebhook')->middleware('auth');

hope this helps you

6 likes

Please or to participate in this conversation.