How to secure my API without setup OAuth?

Hi, I have a project that currently only use in my company but as it scale, it need to integrate with other app and that need to use my API for calculation. But my current setup is that there's authorization whatsoever.

When I started I don't think much as it's a local system and no need to expose API to the public so I didn't have anything secure. Now, I want something simple like signature but without using the passport or JWT. I just want to keep it simple. How to achieve that?

audunru

6 years ago

Level 4

I think you do want Passport, but use Personal Access Tokens. You will get an api key that you can use to authenticate your requests to your api, no need to worry about an authentication flow, refresh tokens, etc.

https://laravel.com/docs/5.8/passport#personal-access-tokens

Laravel also offers a simple API token system, described here: https://laravel.com/docs/5.8/api-authentication

But in my experience, just go with Passport to begin with. You have to do some work in both cases anyway, and Passport gives you all the commands you need to generate keys once you’ve set it up. Also, if you need multiple keys or something in the future, you’re ready for that situation.

Please or to participate in this conversation.