Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm creating my first api using laravel and using vuejs for the frontend. I'm using jwt for authentication and all works fine.
When i visit /api/routename i can see the collection i created. However, im confused now if the public will be able to access this api. If they do, i do not have a problem, but what if they change the data. I do not have any idea if this can happen or not.
Can someone explain me if this api accessible to public can be altered or deleted by them?
I'm using jwt for authentication and all works fine
If you are protecting your routes properly, then the public cannot see/change anything unless they are authenticated. In addition, you can use authorization to protect the routes/actions, especially those which modify or delete resources.
@tykus Currently im using this template https://github.com/cretueusebiu/laravel-vue-spa
Could you suggest any good article for rbac or middle for jwt and vuejs
Please or to participate in this conversation.