Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi
I'm aware of the options for issuing API token on our laravel API app, like Sanctum and JWT Token.
Based on the documentation, there are 3 different usage of Sanctum itself, mobile app, SPA app, or API token.
What would you use for general purpose API? let's say we have an API that used on our domain, as well as mobile app (not just one of those).
Is Sanctum API Token enough for both? or for our mobile app it always need 'special way' of issuing the token? as written here https://laravel.com/docs/8.x/sanctum#mobile-application-authentication Or just use JWT for this? https://github.com/tymondesigns/jwt-auth
My though: We can use laravel sanctum with 2 different route for issuing token, one for mobile, one for general API token.
What do you guys think
@yoman I would simply say Laravel Passport will be one of the best choices if you talk in general.
Now it depends on what is the domain of your "general purposes"? If you want to serve API authentication, the Passport will serve every purpose.
I rewrite JWT Token authorization. More secure authorization.
You can try to study and rewrite JWT auth.
Please or to participate in this conversation.