Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

TuffRivers's avatar

Laravel Web API Auth

Hi All, i was looking at some tutorials that use Passport for authentication when using laravel as a web API, i was curious, if i were to say use Angular or React as a front end would i still need to send the CSRF token to the front end and send it back with every call?

0 likes
1 reply
bobbybouwmann's avatar
bobbybouwmann
6 years ago
Best Answer
Level 88

I always like this tutorial to get started: https://scotch.io/@neo/getting-started-with-laravel-passport

Anyway, no need to send the CSRF token. All your routes that go through the passport authentication should be placed in the routes/api.php file. API routes are stateless, so you can't check against the CSRF token. This also means you don't have to worry about it.

You send the access token on every request which authenticated the user. So instead of having a session, you check against the token. This is all handled by Laravel Passport

2 likes

Please or to participate in this conversation.