I suggest you use Fortify to handle the authentication.
And you have complete documentation on how to authenticate a user via Sanctum according to which type of application you are developing.
I am writing an API that will be consumed by a frontend application like ReactJS, and I am a little unsure how to go about that. I've seen the official documentation suggest using ApiResource, but I'm relatively new to API development. A fairly straightforward approach I use looks like so:
// at the top of the controller file; without `use Exception;` a namespaced
// controller would try to catch App\Http\Controllers\Exception instead
use Exception;
use Illuminate\Http\Request;

// log user out
public function logout(Request $request)
{
    try {
        // revoke only the token that made this request
        $request->user()->currentAccessToken()->delete();

        return response()->json([
            'status' => 'success',
            'message' => 'You have been logged out!'
        ]);
    } catch (Exception $e) {
        // note: this serializes the exception object itself into the response
        return response()->json([
            'status' => 'error',
            'message' => 'Logging out failed',
            'error' => $e
        ]);
    }
}
where the logout request is made to an API route '/logout'. I want to understand what the difference is between this approach and ApiResource, and most importantly which approach I should take if I want to encrypt the JSON responses sent to the client application.
@kwanele_dev Please don’t catch exceptions like that. You’re just catching all of them just to return a generic error message to the user. Meanwhile, the exception has been “blackholed”. It’s no longer going to show up in any error logs, so now you’ll never know if users are experiencing errors, and if a user does report an error, you have no information (like the error message or stack trace) to diagnose the problem, because you didn’t write it anywhere and now it’s gone forever.
Return successful responses from controllers, and then let Laravel handle errors. You also don’t need to put status in the response body. A user will know if the “status” was successful or an error due to the HTTP status code. That’s literally what they’re for. If a user’s getting a 500 status, then they know that the “status” is an error.
Also, you don’t “log out” of stateless APIs. You use tokens with an expiry time.
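An added example (not the poster's code, nor Laravel's or Sanctum's) of a token-based login/logout pair that follows the advice in this reply: tokens carry an expiry, the HTTP status code carries the outcome, and nothing is caught and swallowed. It assumes Laravel 10+, Sanctum 3.3+ for the per-token expiry argument, a bearer-token client rather than the SPA cookie session, and an App\Models\User model using HasApiTokens; AuthController and the route paths are hypothetical.

```php
<?php
// Added example, not the poster's or Laravel's code. Assumes Laravel 10+ with
// Sanctum 3.3+ (for the $expiresAt argument), bearer-token auth rather than the
// SPA cookie session, and an App\Models\User model using HasApiTokens.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    // POST /api/login: issue a token that expires instead of living forever.
    public function login(Request $request): JsonResponse
    {
        $data = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required'],
        ]);

        $user = User::where('email', $data['email'])->first();
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            // The 401 status carries the outcome; no 'status' => 'error' field.
            return response()->json(['message' => 'Invalid credentials.'], 401);
        }

        // Third argument sets a per-token expiry (8 hours here);
        // 'expiration' in config/sanctum.php sets a global default in minutes.
        $token = $user->createToken('react-spa', ['*'], now()->addHours(8));

        return response()->json(['token' => $token->plainTextToken], 201);
    }

    // POST /api/logout (behind auth:sanctum): revoke only the calling token.
    public function logout(Request $request): Response
    {
        $request->user()->currentAccessToken()->delete();

        // No try/catch: an unexpected failure reaches Laravel's exception
        // handler, which logs it and, for a JSON request, returns a JSON 500
        // (no stack trace when APP_DEBUG=false). 204 says "done".
        return response()->noContent();
    }
}
```

Because the token row is deleted, any later request presenting it gets a 401 from the auth:sanctum middleware, so the server-side revocation is what makes "logout" meaningful even though the API itself is stateless.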