Level 6
Can anyone help with this?
Mar 15, 2017
3
Level 6
How to consume Spark API when not authenticated
I'm a little bit confused on how best to consume my custom Spark API. Right now I have the Auth middleware applied to my API routes like so...
Route::group([
'middleware' => 'auth:api'
], function () {
...
}
Here is how I'm using Axios to call the API with Vue.js
methods: {
getCourses() {
axios.get('/api/courses')
.then(response => {
this.courses = response.data;
});
},
}
I'm getting the following error in the console when I'm not logged in
Failed to load resource: the server responded with a status of 401 (Unauthorized)
This obviously makes sense, since I have the 'Auth' middleware applied. However, I want for a Guest user to also to be able to see some pages where I make calls to the API. How would I fix this solution, while still keeping my API locked down with 'Auth' middleware?
Thanks.
Level 67
create a new route group that only uses api middleware and put your "public" routes there and leave private routes in the group using the auth:api middlewares?
Level 6
@cronix, thanks for your response. I agree with you that having one group of API routes with Auth middleware and another group of API routes with no Auth middleware would work.
However, this is my concern:
The public API routes you will still be able to access in the browser (i.e. /api/{example resource}), which I cannot allow to happen. I want every API route to be locked down, but I want to still be able to make Ajax requests for a user that is not logged in. Is there any way to accomplish this with Spark? How do other websites do this?
I'm sure laracasts does this for its API, because you can still view the courses and lessons without being signed in, but absolutely under no circumstances do I have access to the Laracasts internal API. Thoughts?
Please or to participate in this conversation.