Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi,
I want to create an API for my Laravel app. I could use Passport for authentification, but I don't need all this... The communication is made from server to server : a partner is requesting the API, I answer, and he uses the JSON I send. He has access to my two endpoints, without restrictions.
What's the best way to secure this to only authorize him, and not everybody through there browser for example ? Do you have any clue or advice ?
Thanks :-)
@bastienu Passport is honestly the easiest and best way to do this. Look at Client Credentials Grant Tokens. They specifically exist for doing this.
The client credentials grant is suitable for machine-to-machine authentication.
https://laravel.com/docs/6.x/passport#client-credentials-grant-tokens
Passport isn't a heavy package. It does a lot but it is very lightweight and battle tested.
Ok, thanks a lot Fylzero :-)
Please or to participate in this conversation.