mariusp's avatar

More on auth and security

Hi Jeff,

I need some videos on how to approach security and authentication in a more advanced way. Let's say that I have an awesome app that I want to deploy as a service. So I need to somehow provide secure API keys and secrets for others to use.

I think I need some videos that teach me (and others, I am sure) how to securely open apps built with Laravel to the world (as services).

Thank you!

jbrooksuk's avatar

If you're looking for how you can use API tokens, Cachet does this and is hopefully an excellent learning tool.

Here, I'll break down the key parts:

mariusp's avatar

Thanks guys, but I really need to know how to open the app via API keys by myself. I want to know how to create and offer keys to my application to others... in a secure way.

pmall's avatar

@jbrooksuk That's all, you just need a random key? I don't know how secure auth for APIs works, but for example I can see Socialite providers need both a client key and a client secret key in order to work.

jbrooksuk's avatar

@pmall we're not using OAuth, so it's simply a case of not having to send through your username and password for BasicAuth. You could implement JWT or OAuth if you need more. Cachet also allows you to regenerate your tokens in the event that they get exposed.

jgreen's avatar

There is no standard for this stuff and it all really depends on how secure you need/want to be. There are lots of things to keep in mind when designing your own scheme, like preventing replay attacks, guarding against Man-In-The-Middle forgeries... This list can get very long. This is why it is highly recommended to use OAuth 1.0a, HTTP Basic over SSL, or some other existing solution. API keys are another great solution, but again, there is no standard way to implement them.

Here are some links I found helpful...

Also, the O'Reilly book: RESTful Web Services by Leonard Richardson & Sam Ruby
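
The random, regenerable API token discussed in this thread, as an added example that is not part of the original posts and is not Cachet's code. It assumes a hypothetical `ApiTokenStore` class whose in-memory array stands in for a database table, stores only a SHA-256 hash of each token, and expects the token to be sent over HTTPS.

```php
<?php
declare(strict_types=1);

// Hypothetical store: token hash => user id. The array stands in for a
// database table. Only the hash is persisted, never the token itself.
final class ApiTokenStore
{
    /** @var array<string, int> */
    private array $userIdByHash = [];

    // Issue a new token for a user and revoke any earlier one.
    // The plain token is returned once so it can be shown to the user.
    public function regenerate(int $userId): string
    {
        foreach (array_keys($this->userIdByHash, $userId, true) as $oldHash) {
            unset($this->userIdByHash[$oldHash]);
        }
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->userIdByHash[hash('sha256', $token)] = $userId;
        return $token;
    }

    // Resolve a presented token to a user id, or null if it is unknown.
    public function authenticate(string $presented): ?int
    {
        $candidate = hash('sha256', $presented);
        foreach ($this->userIdByHash as $storedHash => $userId) {
            // hash_equals compares in constant time.
            if (hash_equals((string) $storedHash, $candidate)) {
                return $userId;
            }
        }
        return null;
    }
}

// Constructed usage: user 42 regenerates a token after the first one leaks.
$store  = new ApiTokenStore();
$leaked = $store->regenerate(42);
$fresh  = $store->regenerate(42);
var_dump($store->authenticate($leaked)); // lookup with the revoked token
var_dump($store->authenticate($fresh));  // lookup with the current token
```

Because only the hash is stored, a leaked copy of the table does not reveal usable tokens, and regenerating is the only way for a user to get a new plain token.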