Let public Vue SPA to store data on Laravel API (authenticated in some way)

Posted 1 week ago by Charrua

Hi, I have a Laravel app that manages a school calendar, multiple manager users can add appointments to calendar.

When an appointment doesn't show up, we will be firing some automated email to the member for re-schedule a new appointment. The email will contain a button for re-chedule, when clicked, members will be redirected to SPA made on Vue.

The SPA will have a form, and get the ID from the button link of the appointment. After user sets a new date, a POST request will be made to the API to store the information.

I will want to secure this in some way, the basic ideas that come to me are:

  • Securing the API: maybe some sort of authentication between the SPA and the API or maybe the API will only let this SPA's domain to call an API route (some sort of whitelist domain to call API route) At first I was thinking on using Laravel Passport but I couldn't find a use case that fits.

  • Securing the SPA: only members that are sent the email will have access to the SPA

What will be your recommendations/ideas?

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.