Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

vinn0203's avatar

Laravel withoutMiddleware and unauthenticated conflict ?

Hi I am implementing withoutMiddleware, the link api/v1/bills returned 401 unauthorized! below is my code:

Route::group(['middleware' => 'auth:api', 'prefix' => 'v1'], function () {

Route::get('bills', [BillController::class, 'index'])->withoutMiddleware('auth:api');
Route::resource("bills", BillController::class);

I think is because unauthenticated method in Authenticate.php is applying

Http/Middleware/Authenticate.php

protected function unauthenticated($request, array $guards)

{

    if (in_array('api', $guards)) {
        abort(response()->json(['message' => 'Unauthorized!'], 401));
    } else {
        return route('login');
    }

}

Thanks

My laravel version: Laravel Framework 9.52.16

0 likes
2 replies
Snapey's avatar

Presumably the response is because you are NOT authenticated?

1 like
vinn0203's avatar

@Snapey is this code bypass authentication?

Route::get('bills', [BillController::class, 'index'])->withoutMiddleware('auth:api');

Please or to participate in this conversation.