Machine-to-Machine API Authentication

Hi, I am trying to integrate a Laravel CRM app with WooCommerce. In my case, the CRM is a SaaS, where each customer has it's own account, and can connect an WooCommerce shop through an Wordpress plugin.

In the plugin settings he should have a API Key field and username. How can I provide him an API key and how can I make the authentication work from machine to machine, so every time he receives a new order, the order details are sent to the CRM via an API?

I don't think JWT will work in this case because the token must be saved in a cookie, right?

I looked into Laravel Passport and the Client Credentials Grant Tokens says it is suitable for machine-to-machine authentication, but can be generated only through artisan command line. I need the customer to be able to generate an API key from his profile page and save it in his WooCommerce store settings. Then this key will be used to authenticate his shop when the order data is saved in the CRM app, via the API.

Do you have any suggestion on how I can do it? Any examples where I can look into?

Thanks a lot! :)

bobbybouwmann

7 years ago

Level 88

Well Laravel Passport is actually doing this for you. So if you use the frontend that's provided by passport you will see a screen where you can create a new client. You should be able to reuse this client_id and client_secret thats generated in your woocommerce plugin.

That is basically the php artisan passport:client command you're running right now. You can do this programmically as well!

use Laravel\Passport\ClientRepository;

public function index(User $user, ClientRepository $clientRepository)
{
        $client = $clientRepository->create(
        $user->id, // Current logged in user
         $name,  // Name for token
        '' // Redirect url (might not be needed for you)
    );
}

Code: https://github.com/laravel/passport/blob/7.0/src/ClientRepository.php#L101

1 like

Please or to participate in this conversation.