Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Benji_13's avatar

Getting Error 401 on API route with Laravel Sanctum and Fortify

Hey everyone,

I have searched the whole internet looking for an answer to that, but nothing seems to work.

So I have my backend which serves as an API and I'm using Laravel Fortify along with Sanctum for authentication. Let's say my backend is at api.domain.com.

I have my frontend running on nuxtjs and I'm connecting to my API through nuxt auth. The front-end is at front.domain.com.

I struggled a bit with CORS for the sanctum/csrf-cookie and /login route but I've got that figured out.

The next API call is to api/user, but this one is returning a 401 error along with the message "Unauthenticated".

I have checked and I am sending the xsrf-token in the header and I have set SANCTUM_STATEFUL_DOMAINS as domain.com and SESSION_DOMAIN as .domain.com.

Here is my cors.php file

    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['https://front.domain.com'],
    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,

I'm running out of solutions here, can anyone help me ?

Cheers,

Benji

0 likes
1 reply
txsoura's avatar

Hello, I'm having the same problem. Did you find the solution?

Please or to participate in this conversation.