Level 75
Are you going to use Sanctum or Passport, or your own setup with key | secret.
2 likes
Oct 8, 2023
4
Level 3
A way to authenticate API reuqests?
I'm developing a Laravel web application as a project for my degree. This web application provides API endpoints to vendor websites to allocate seats to different events. So basically a theater can register to this website and enter required details to make events. Each event is created using a unique venue id, a date id and a showtime id. This creates API endpoints to get seat allocation details and can post to allocate seats. The users can distribute those endpoints to their preferred vendors, allowing them to book seats on behalf of them. Right now anyone can make get and post requests to make changes to data. I want to make sure only the allowed vendors to make requests for the system. As an example, if user x distributes their API endpoints to a,b and c vendors, I want to authenticate requests made by a, b and c for events of only x, denying other unauthenticated requests. How can I achieve that? TIA!
Level 3
@jlrdw I can't think a good way to do this. Can you suggest me a suitable way to achieve what I want?
1 like
Level 75
@pjr Start with reading about eloquent API Resourses here:
https://laravel.com/docs/10.x/eloquent-resources#main-content
And you have to figure out your relations, where a, b and c is related to x.
But there is a lot to consider, will this also be for mobile as well? I like charting out things first with pencil and paper if the app is complex.
Edit:
I would consider Sanctum and make a rest api and assign abilities to the token. I suggest the sanctum documentation and videos on sanctum.
2 likes
Level 80
@pjr Use either Sanctum or Passport for the API. Once you’re able to identify the user for a request, you can also what vendor(s) they have access to.
2 likes
Please or to participate in this conversation.