
CItyTrader

Proper way to Authorize Laravel API using another frontend repository

I am using Sanctum for my APIs. I wonder whether sending bearer tokens on every authenticated request is good practice. Another option is to use sessions. If I were to use sessions, how would I implement it?

I would also appreciate it if you could send me a link to a GitHub repo implementing APIs for authentication.

PS: Can anyone please recommend the proper way of constructing an API for authentication (login, register, logout)?

0 likes
6 replies
martinbean

@CItyTrader You create an endpoint that returns tokens. You then use the returned token in subsequent requests to your API.

CItyTrader

@martinbean Okay, so I also discovered that this way is not secure and that we should use sessions with the tokens instead.

martinbean

@CItyTrader Nope. RESTful APIs are typically stateless. You don’t use session-based authentication with them.
