
braun2018's avatar

RESTful API and web

Hi,

I am going to begin a project where I need to do a mobile app and a web app. I was wondering if I could do an API for the mobile app and a web side (with Blade) at the same time in the same Laravel project?

In this project the users that I have to authenticate would be different. (The users of the API would be "Player" and the users of the web would be "Administrator".)

I hope it's clear and if someone has already done something similar I would be glad to hear about it.

Thank you.

Robstar's avatar

Yes, you'll notice Laravel has two route definition files for that, i.e. web.php and api.php, where you define web and api routes respectively. The API routes, by default, have different middleware.

This allows you to have an internal api, split from the web app.

braun2018's avatar

Thank you.

I have begun to use the web.php and the api.php for my routes. Everything worked fine until I tried to use the multi-authentication.

I would like to connect to the web part based on one table (model) and to the api based on another table.

The web part is working fine but the api doesn't work even though I modified the auth.php as follows:

return [

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'gestionnaires',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'gestionnaires',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'clients',
            'hash' => true,
        ],
    ],

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],

        'gestionnaires' => [
            'driver' => 'eloquent',
            'model' => App\Gestionnaire::class,
        ],

        'clients' => [
            'driver' => 'eloquent',
            'model' => App\Client::class,
        ],
    ],


    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],

];

Obviously I am missing something but I cannot find what. Do you have an idea about it?

Client model:

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;

class Client extends Authenticatable
{

        use HasApiTokens, Notifiable;

        protected $guard = 'api';

        protected $fillable = [
            'name', 'email', 'password',
        ];

        protected $hidden = [
            'password', 'remember_token',
        ];

}

AuthController I am using


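use App\Http\Controllers\Controller;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AuthController extends Controller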
{
    public function login(Request $request) {
        $request->validate([
            'email' => 'required|string|email',
            'password' => 'required|string',
            //'remember_me' => 'boolean'
        ]);
        $credentials = request(['email', 'password']);
        if(!Auth::attempt($credentials))
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);
        $user = $request->user();
        $tokenResult = $user->createToken('Personal Access Token');
        $token = $tokenResult->token;
        if ($request->remember_me)
            $token->expires_at = Carbon::now()->addWeeks(1);
        $token->save();
        return response()->json([
            'access_token' => $tokenResult->accessToken,
            'token_type' => 'Bearer',
            'expires_at' => Carbon::parse(
                $tokenResult->token->expires_at
            )->toDateTimeString()
        ]);
    }

    public function user(Request $request)
    {
        return response()->json($request->user());
    }
}

And these are my routes in api.php


Route::group([
    'prefix' => 'auth'
], function () {
    Route::post('login', 'Auth\AuthController@login')->name('login');
    Route::post('register', 'Auth\AuthController@register');
    Route::group([
        'middleware' => 'auth:api'
    ], function() {
        Route::get('logout', 'Auth\AuthController@logout');
        Route::get('user', 'Auth\AuthController@user');
    });
});

I am always getting the 'message' => 'Unauthorized' message.
