Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
So i want to use default api route that laravel provided which is
Route::middleware('auth:api')->get('/user', function (Request $request) { return $request->user(); });
Based on the documentation i made api_token column in the user table and generate random string everytime a user register to fill the column.
When i test the api using postman it return the user json. (I already include Accept and Authorization bearer header).
But when i tried to call the api through controller it always return null This is my code
$token = 'abcde'; $request = Request::create('/api/user', 'GET', [ 'Accept' => 'application/json', 'Authorization' => 'Bearer '.$token, ]); $response = json_decode(Route::dispatch($request)->getContent());
But it will return json if the route doesnt attach middleware(api:auth)
I also tried to use Guzzle and it give Curl 6 error unresolved host
Any suggestion? Thank You
Looks like you are trying to pass headers as 3rd argument which should contain query parameters. Try setting them like this:
$token = 'abcde';
$request = Request::create('/api/user', 'GET');
$request->headers->set('Accept', 'application/json');
$request->headers->set('Authorization', 'Bearer ' . $token);
$response = json_decode(Route::dispatch($request)->getContent());
Thank you for the answer
Now i got json response "message": "Unauthenticated."
But i'm sure that i input the right token
If you are using apache server, try adding this to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
It's already exist in my .htaccess but slightly different
RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
i tried to change it to what you suggest and still got the same unautheticated message
So it's not a problem with passing headers. You are either passing wrong token or there is something seriously wrong with your configuration. Are you using Passport for the authentication?
Nope, it's a normal random string. By the way i already consume this api in android apps and it's working just fine. It's just i still can't consume this api through the laravel app itself.
So you are storing tokens inside users table, in api_token field? They you are either passing wrong token or doing something wrong with the request inside app. You can either try passing token as GET parameter instead of bearer token ($request = Request::create('/api/user?api_token=' . $token, 'GET');) or, if that doesn't help, try dumping token in middleware and check if it matches any token in database.
Please or to participate in this conversation.