Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I am using the default laravel out of the box auth on the web routes so a user can login through the login webpage.
Furthermore i have JWT set up on the api routes and can login with curl in the console for example to then make api calls..
but how do i combine these?
i mean, a user goes to the login page and gets authenticated. then he visits a page that runs an api call to the backend but that doesnt work because he has no jwt token yet, only the csrf token.
how can i do the api call without doing an extra jwt login? (iow reusing the already logged in credentials somehow).
or is this not possible because its two different authentication systems?
or is it better to just make a copy of all the api routes to web routes so the api can be called from the website itself and for calls from third parties they simply use the api routes and therefore need to login in before making calls?
i guess this is an option but it menas keeping track of all the api routes in both web.php and api.php which seems somewhat cumbersome and error prone approach.
or maybe another option:
upon successful log in in through standard web portal immediately also do a request to /api/authenticate.
then store the obtained jwt token in a php session and use it everytime a call to the api needs to be made?
still seems a bit of a hack but perhaps the best option?
anyone else have any experience on this? or a pointer to a better solution?
much appreciated!
Please or to participate in this conversation.