Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

eugenefvdm's avatar

Create L8 API - Not an SPA, No Passport needed, plain old API

I'm struggling to create an API with Laravel since Sanctum. I first want to mention my really simple requirements:

  1. I'm not creating an SPA.
  2. I'm not using Vuejs.
  3. I don't want or need Passport. The overhead of OAth is not needed.
  4. I don't want cookie based authentication
  5. I simply want API tokens.
  6. I will make add-hoc requests from the internet, for example, I might be using Postman for testing.
  7. I don't session authentication, just "a simple API request and response".

In older versions (5.8 + 6.0 for example) I could simply create an api_token field on the users table and get cracking.

Not so much anymore. Now it seems Sanctum is the tool and the documentation quickly leads you into lots of complexity. What am I missing? Prior attempts at doing this worked fine for localhost but the moment I moved to Postman and the internet I had all kinds of authorization issues because it seems Laravel 8 is now expected lots of extra that I don't know what to add.

0 likes
4 replies
bobbybouwmann's avatar
bobbybouwmann
5 years ago
Best Answer
Level 88

In older versions (5.8 for example) I could simply create an api_token field on the user's table and get cracking.

This approach should still work out of the box, as long as you set your auth guard to api. You can see the token implementation from Laravel here: https://github.com/laravel/framework/blob/8.x/src/Illuminate/Auth/TokenGuard.php

Make sure you send the correct headers in Postman.

Accept: application/json
Content-Type: application/json
eugenefvdm's avatar

Thanks @bobbybouwmann I managed to get it working in the traditional way.

What's a bit blind is that entire old school way of doing it has been removed from the manual and doing it the Sanctum way seems impossible for simple APIs.

martinbean's avatar

@eugenevdm I don’t think token-based authentication has gone away. I’m pretty sure—given that you have to install Sanctum—that the tokens guard is still the default, and you’re still able to use that guard if it suits your needs and purpose.

1 like
eugenefvdm's avatar

Yep I learnt that the hard way now. The Sanctum documentation talks about token based authentication but it quickly delves into creating tokens and showing them to the user and so on which is overkill for what I wanted to do. It seems that we are being directed towards creating SPA's or refreshing tokens and so on.

All I wanted to do was a simple API. What's gone away are the two places in the manual that explains how to do it the old way.

Please or to participate in this conversation.