
Deekshith's avatar

Secure Laravel API endpoints for non-user-login APIs

I have a WordPress site and am working on an Android application. For that, I am creating the API in Laravel's api.php using the WordPress DB.

Example: http://www.example.com/api/posts

This will retrieve all posts, but I don't want this API to be publicly accessible. Instead, I want a token-based, machine-to-machine verification system.

I am not able to find an example of how to achieve this. As of now there is no user database in the current application; it is just an information portal.

Any example?

Deekshith's avatar

@martinbean thanks for the reply. I have some confusion. Please check this.

I have followed the documentation and added the route like below in api.php:

Route::get('/test-api', function (Request $request) {
    return 'here';
})->middleware('client');

I have created a client as well, using the command below:

php artisan passport:client --client

But the problem now is how the client (the Android app) generates the token.

Right now I can create the token like below:

http://localhost/insightsapp/public/oauth/token

The response will be like below:

{"token_type":"Bearer","expires_in":31536000,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI2IiwianRpIjoiN2VmNzgxZDU3ZTkOGRkMjlhNWZiNWVlNzZkM2I3M2U5NDgyZmI0YjA5YzdmODA5M2U5MmFiNzllMDA0MDk3MGE0YTdlZGYiLCJpYXQiOjE2MTc4OTUyMjUuMTM4OTg3LCJuYmYiOjE2MTc4OTUyMjUuMTM4OTk3LCJleHAiOjE2NDk0MzEyMjUuMDIyODQxLCJzdWIiOiIiLCJzY29wZXMiOlsiKiJdfQ.gYpbzoC2xfv_ixYISRgk6ZbEGHG8f-e3-n87dXwZEi0IGU1kvoV6McxNUnCRRxMiaz0JU1HCD1eXQw5R77DpUTB9gH6xe93LLlvHr0pSNX4ZpQ-Oxe5yrGHqW5pEZp0nztC9T-UqqvGzOPHFdqQH9e6JebAUgQiv3gxQGNot88osG1AUbbQAVgqxwTNOK5fTN1JaKsWnPgWrdNIN6LbQIoST4htnReelAaxpVCOFLD4dYj_u8fK5v5IvTfTbXxJ972FoejQSQIOsWZi4NvJQ2qDbjXENB-2ljYth2K5xQJAKWnB4xJTA-Rb-bQ0GEGNhyPcHpDultqUJaBgJBLGcbtLoes-8FI1iq1ghJSV8g07-o8okA0-5K6vVoRcwaxm5udA9S_vLOlmlhzY-VZKY1StOmxDJ1ncfyQKX6S6gypfq_s34D3NUcc3Z17hQxCDj1Gvnhc2H5MumakqQdDVPREbwn0PnCjrSwu1Oy-YOwOjuZZtlybrZK57zzHYoEDVHJ20wqiz8Gkif4-g2UD6WeImFmXM3FVaJq7W-r_5sHySbTmhOdrN3AkOs53SYMN3tPa56vMLKBcKTB5zdde6vk45Ymp2ua_8oNgpfCK9h8vkJ0QsGHOtd9HacoXd4p27x_95hR2ekYfj7cvqDIZpvaGbzyXl39lydXqluuOoGg"}

But the main confusion is: how does the Android app use this token for API calls? Do I need to call this token-generation API every time an Android user clicks a normal API?

As there is no user login, how do I store this token for future reference, and when do I call this token-generation API?

Please help me with this.

Deekshith's avatar

I am trying it like below: when the user installs the app, I will call this API to generate the token,

http://localhost/insightsapp/public/oauth/token

then store it in localStorage and pass this token in the Authorization header to fetch all other API details.

Once the token has expired, I will let it call the token-generation API again.

Is this approach fine, or please let me know any other approach I can follow?
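
The flow described in the last post (request a token once, store it, send it in the Authorization header, request a new one only after expiry), written out as an added example that is not part of the thread. `storage` is any localStorage-like object; the host name, the client id and secret placeholders, the storage key and the 60-second renewal margin are assumptions.

```javascript
// Added example (not code from the thread): cache the client-credentials token and reuse it.
// Assumptions: TOKEN_URL host, the CLIENT_* placeholders, STORAGE_KEY and the 60 s margin.
// A secret bundled in an app package is readable by anyone who unpacks it; treat it as such.
const TOKEN_URL = "https://api.example.com/oauth/token";
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
const CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER";
const STORAGE_KEY = "api_token";
const RENEW_MARGIN_SEC = 60;

// Persist the token with an absolute expiry computed from the response's expires_in.
function saveToken(storage, tokenResponse, nowSec) {
  const entry = { accessToken: tokenResponse.access_token, expiresAt: nowSec + tokenResponse.expires_in };
  storage.setItem(STORAGE_KEY, JSON.stringify(entry));
  return entry;
}

// Return the stored token, or null when it is absent, corrupt, or inside the renewal margin.
function loadToken(storage, nowSec) {
  try {
    const entry = JSON.parse(storage.getItem(STORAGE_KEY));
    const fresh = entry && nowSec < entry.expiresAt - RENEW_MARGIN_SEC;
    if (fresh && typeof entry.accessToken === "string") return entry.accessToken;
  } catch (_) { /* corrupt entry: treat as missing */ }
  return null;
}

// Call /oauth/token only when no usable token is stored, not before every API request.
async function getToken(storage, nowSec = Math.floor(Date.now() / 1000)) {
  const cached = loadToken(storage, nowSec);
  if (cached) return cached;
  const form = new URLSearchParams({ grant_type: "client_credentials", client_id: CLIENT_ID, client_secret: CLIENT_SECRET });
  const res = await fetch(TOKEN_URL, { method: "POST", body: form });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return saveToken(storage, await res.json(), nowSec).accessToken;
}

// GET a protected route; a 401 means the server rejected the token, so drop it and retry once.
async function apiGet(storage, url) {
  for (let attempt = 0; attempt < 2; attempt++) {
    const headers = { Accept: "application/json", Authorization: `Bearer ${await getToken(storage)}` };
    const res = await fetch(url, { headers });
    if (res.status !== 401) return res;
    storage.removeItem(STORAGE_KEY);
  }
  throw new Error("still unauthorized after renewing the token");
}
```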
