I am in the process of designing an application for a customer where the user interface will be in Angular 6 and the back-end will be an API. Now, as I am using Angular (SPA), I communicate with the server through JSON and a REST API. I need your suggestions on the process to secure my API.
My analysis:
Personal Access Tokens are not a good idea, as the tokens are always long-lived. I have already done a demo on the same.
Consuming Your API With JavaScript may be a good option, but it uses cookies, and whether it is a good approach or not I am not sure.
I am open to any good suggestions, including other approaches like JWT, if it proves logical.
Sorry to contradict, but tokens are not always long-lived; you configure them to your needs. Mine expire every 5 minutes, and I have an Angular interceptor that refreshes the token on demand.
My OAuth server is a standalone solution, and every request is authorised by using an Nginx proxy to authorise with my OAuth server before being forwarded on...
Regardless of your setup, tokens are the way to secure your endpoints. Try Laravel Passport.
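As an added example (not code from the thread, from Laravel Passport or from Angular), here is the "short-lived access token plus interceptor that refreshes on demand" pattern from the reply above, written framework-free so it runs under plain Node/TypeScript. An Angular HttpInterceptor would wrap the same logic that `AuthClient.fetch` holds. The names `AuthClient`, `makeFakeServer` and `runScenario` are my own, the in-memory token server is constructed for the demo, and the `/oauth/token` request and response shape is assumed to follow Passport's `refresh_token` grant.

```typescript
// Added example: refresh-on-demand token client with single-flight refresh and a
// single 401 retry. The server below is a constructed stand-in, not Passport.
type HttpRequest = { url: string; headers: Record<string, string>; body?: string };
type HttpResponse = { status: number; body: string };
type Transport = (req: HttpRequest) => Promise<HttpResponse>;
interface TokenSet { accessToken: string; refreshToken: string; expiresAt: number } // ms epoch

function parseForm(body: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const pair of body.split('&')) {
    const [k, v] = pair.split('=');
    if (k) out[decodeURIComponent(k)] = decodeURIComponent(v ?? '');
  }
  return out;
}

class AuthClient {
  private tokens: TokenSet;
  private inflightRefresh: Promise<TokenSet> | null = null;
  constructor(private transport: Transport, initial: TokenSet, private clientId: string,
              private now: () => number = Date.now, private skewMs = 10000) { this.tokens = initial; }

  // Single-flight: concurrent callers share one /oauth/token round trip, so a page that
  // fires ten requests at load does not consume ten refresh tokens.
  private refresh(): Promise<TokenSet> {
    if (!this.inflightRefresh) this.inflightRefresh = this.doRefresh();
    return this.inflightRefresh;
  }

  private async doRefresh(): Promise<TokenSet> {
    try {
      // Assumed Passport-style form body for the refresh_token grant (public SPA client, no secret).
      const body = `grant_type=refresh_token&refresh_token=${encodeURIComponent(this.tokens.refreshToken)}` +
                   `&client_id=${encodeURIComponent(this.clientId)}`;
      const res = await this.transport({ url: '/oauth/token', headers: { 'content-type': 'application/x-www-form-urlencoded' }, body });
      if (res.status !== 200) throw new Error(`refresh failed with HTTP ${res.status}`);
      const t = JSON.parse(res.body) as { access_token: string; refresh_token: string; expires_in: number };
      this.tokens = { accessToken: t.access_token, refreshToken: t.refresh_token, expiresAt: this.now() + t.expires_in * 1000 };
      return this.tokens;
    } finally { this.inflightRefresh = null; }
  }

  // Refresh proactively when within skewMs of expiry, to absorb clock drift between SPA and server.
  private currentTokens(): Promise<TokenSet> {
    return this.tokens.expiresAt - this.skewMs > this.now() ? Promise.resolve(this.tokens) : this.refresh();
  }

  // The interceptor body: attach the Bearer token; on 401 refresh once and retry once, never loop.
  async fetch(url: string): Promise<HttpResponse> {
    let t = await this.currentTokens();
    let res = await this.transport({ url, headers: { authorization: `Bearer ${t.accessToken}` } });
    if (res.status === 401) {
      t = await this.refresh();
      res = await this.transport({ url, headers: { authorization: `Bearer ${t.accessToken}` } });
    }
    return res;
  }
}

// Constructed in-memory token endpoint and protected API with rotating refresh tokens
// (each refresh token is consumed on use), standing in for Passport in this demo.
function makeFakeServer() {
  let issued = 0;
  const liveAccess = new Set<string>(['acc-0']);
  const liveRefresh = new Set<string>(['ref-0']);
  const calls = { refreshes: 0, api: 0 };
  const transport: Transport = async (req) => {
    if (req.url === '/oauth/token') {
      calls.refreshes += 1;
      const form = parseForm(req.body ?? '');
      if (form['grant_type'] !== 'refresh_token' || !liveRefresh.delete(form['refresh_token'])) {
        return { status: 400, body: JSON.stringify({ error: 'invalid_grant' }) };
      }
      issued += 1;
      liveAccess.add(`acc-${issued}`); liveRefresh.add(`ref-${issued}`);
      return { status: 200, body: JSON.stringify({ token_type: 'Bearer', expires_in: 300, access_token: `acc-${issued}`, refresh_token: `ref-${issued}` }) };
    }
    calls.api += 1;
    const auth = req.headers['authorization'] ?? '';
    const tok = auth.slice(0, 7) === 'Bearer ' ? auth.slice(7) : '';
    if (!liveAccess.has(tok)) return { status: 401, body: JSON.stringify({ message: 'Unauthenticated.' }) };
    return { status: 200, body: JSON.stringify({ token: tok }) };
  };
  return { transport, calls, revoke: (tok: string) => liveAccess.delete(tok) };
}

// Drives the client through: fresh token used as-is; proactive refresh near expiry shared by
// three concurrent requests; a server-side revocation answered by refresh-and-retry.
async function runScenario() {
  let nowMs = 0;
  const server = makeFakeServer();
  const client = new AuthClient(server.transport, { accessToken: 'acc-0', refreshToken: 'ref-0', expiresAt: 300000 }, 'spa-client', () => nowMs);
  const first = await client.fetch('/api/user');
  const afterFirst = { ...server.calls };
  nowMs = 295000; // 5 s before the 5-minute expiry: inside the skew window
  const [a, b, c] = await Promise.all([client.fetch('/api/a'), client.fetch('/api/b'), client.fetch('/api/c')]);
  const afterParallel = { ...server.calls };
  server.revoke(JSON.parse(a.body).token); // simulate revocation of the live access token
  const afterRevoke = await client.fetch('/api/user');
  return { first, afterFirst, parallelStatuses: [a.status, b.status, c.status], afterParallel, afterRevoke, finalCalls: { ...server.calls } };
}

runScenario().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The two decisions worth carrying into a real interceptor are the single-flight refresh (otherwise a burst of requests at app start each consumes a rotating refresh token and all but one fail with `invalid_grant`) and retrying a 401 exactly once, so a revoked or invalid refresh token surfaces as an error and a redirect to login instead of an infinite refresh loop.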
I am trying Passport only. In Passport we have the options mentioned above in #1 & #2. Also, I don't want to maintain a new server; rather, I would like to do it in a single Apache. So, if you can share a link or reference to configure the same, that will be helpful.
@PRIMORDIAL - Hey, I have implemented OAuth with the grant option and it's working as expected. Just one more question, out of the context of OAuth. In a normal project we have middleware to validate all requests (as per configuration), controllers to handle all the requests and models to connect with the database. But how can I manage the service layer where I will write my business logic, like what processing is needed before sending the data? Does Laravel have any option to support the same?