MattB
3 months ago
580
3
Laravel

Protecting API routes with middleware

Posted 3 months ago by MattB

Hi guys, so I'm trying to learn API routing on Laravel and so far it all works, but I would like to know how to protect the API from view. So far if anyone was to put in the API link into the address bar, you could see the entire JSON object. Is there a way to protect this using middleware like you can normal links? I have this as my links so far:

Route::apiResources([
    'user' => 'API\UsersController',
    'faq' => 'API\QuestionController',
    'dump' => 'API\DumpController',
    'gallery' => 'API\GalleryController',
    'artpack' => 'API\ArtPackController',
    'boughtArtPack' => 'API\BoughtArtPackController'
]);

Tried protecting it with an established auth middleware I have working for the admin back end routes but now it blocks the API whether you're logged in or not. I have it set up like this:

Route::group(['middleware' => 'IsAdmin'], function () {
  Route::apiResources([
    'user' => 'API\UsersController',
    'faq' => 'API\QuestionController',
    'dump' => 'API\DumpController',
    'gallery' => 'API\GalleryController',
    'artpack' => 'API\ArtPackController',
    'boughtArtPack' => 'API\BoughtArtPackController'
  ]);
});

Please sign in or create an account to participate in this conversation.