I installed Breeze with Only API and wanted to try the individual predefined routes for authentication. The first thing I went to try was the /register route. When I tried to send a request through Apidog, I encountered the error:
CSRF token mismatch.
But when I changed the line:
require __DIR__.'/auth.php';
from the web.php file to the api.php file, the request was successful.
I have 2 questions to be clear about it.
Why, if it's an Only API installation, are the authentication routes put in the web.php file, which uses CSRF by default?
Or did I forget to set something, either in Apidog or in the application, so that it works correctly?
Maybe it is obvious to you, but I am just starting with APIs.
@Tray2 Yes, if I register a route which returns the CSRF token and I paste this token into the request headers, everything is okay. But it is so annoying to keep finding out a new CSRF token after the session expires.
I don't have any Frontend Application yet. Just want to develop a base skeleton of a simple API first.
It's easy to misunderstand, but the Breeze API stack is not for general APIs. It's not "stateless, authenticated by API token." Don't be fooled by the word "API."
The Breeze API stack is a starter kit for use in combination with Sanctum SPA authentication. SPA authentication is stateful, session authentication. CSRF is required.
You chose the wrong starter kit.
The "API only" starter kit that you really want doesn't exist. All you need is php artisan install:api. You'll have to create the authentication function yourself.
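The stateful flow described in this answer, as an added example that is not part of the original post or of Breeze itself: a non-browser client first calls Sanctum's /sanctum/csrf-cookie endpoint, then echoes the XSRF-TOKEN cookie back in the X-XSRF-TOKEN header on POST /register. The function names, the sample cookie values and the laravel_session cookie name are assumptions made for illustration.

```javascript
// Added example: the Sanctum SPA (stateful) handshake a non-browser client
// has to reproduce by hand. All cookie values below are constructed.

// Collect name=value pairs from Set-Cookie lines, ignoring their attributes.
function parseSetCookies(setCookieLines) {
  const jar = {};
  for (const line of setCookieLines) {
    const pair = line.split(';')[0];
    const eq = pair.indexOf('=');
    if (eq > 0) jar[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// Build headers for a state-changing request from the cookies returned by
// GET /sanctum/csrf-cookie. Without the token Laravel answers 419
// "CSRF token mismatch", so fail early instead of sending the request.
function statefulHeaders(jar) {
  if (!jar['XSRF-TOKEN']) {
    throw new Error('no XSRF-TOKEN cookie: call /sanctum/csrf-cookie first');
  }
  return {
    Accept: 'application/json',
    'Content-Type': 'application/json',
    // The cookie value is URL-encoded; the header carries the decoded value.
    'X-XSRF-TOKEN': decodeURIComponent(jar['XSRF-TOKEN']),
    // The session cookie must travel with the token it was issued for.
    Cookie: Object.entries(jar).map(([k, v]) => `${k}=${v}`).join('; '),
  };
}

// Full flow against a running application (Node 20+; not executed here).
// In a browser the cookie jar is automatic: use credentials: 'include'.
async function register(apiBase, user) {
  const res = await fetch(`${apiBase}/sanctum/csrf-cookie`);
  const jar = parseSetCookies(res.headers.getSetCookie());
  return fetch(`${apiBase}/register`, {
    method: 'POST',
    headers: statefulHeaders(jar),
    body: JSON.stringify(user),
  });
}

// Constructed sample of the Set-Cookie lines /sanctum/csrf-cookie returns.
const SAMPLE_SET_COOKIE = [
  'XSRF-TOKEN=eyJpdiI6ImFiYyJ9%3D; Max-Age=7200; path=/; samesite=lax',
  'laravel_session=s3ss10n%3D; Max-Age=7200; path=/; httponly; samesite=lax',
];
```

When the session expires, repeating the /sanctum/csrf-cookie call yields a fresh cookie pair, which is what an API client such as Apidog has to do in a pre-request step.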
I ran that command on a fresh installation of Laravel Breeze, and nothing changed. Even my composer.json didn't update any package. I didn't get any changes in git by running this command. The only change I noticed is that when I ran the command, I saw the information that I should add the HasApiTokens trait to the User model. So I think that command is the same as the Laravel Breeze starter kit, but Breeze does the authentication for me, no?
To be clear, I want to create an API in Laravel that will contain user registration, login and other business logic. My frontend application (SPA) or mobile application will communicate with this API, and I thought the best place to start for this is to start with Laravel Breeze - Only API. I don't want to use Inertia.