Laravel 10 RESTful APIs Development with Sanctum Authentication | Laravel 10 Development Tutorials

Captions
[Music] Hello friends, welcome to Online Web Tutor. I am Sanjay. In this video we'll discuss an important topic of Laravel, and that is all about RESTful API development using Sanctum authentication. This is a course which starts from project setup up to API development processes. So here first I will discuss what will be the complete playlist plan, what we'll cover inside this entire video. So let's go to the slide first.

So we can see that this is our complete plan, what we'll follow to create our APIs using Sanctum authentication. First we'll start from project setup, then we do database connectivity, then we see all about API controller settings, and finally the most important point, that is all about the settings of the Sanctum authentication package. Then we'll see API routes, and after creating routes we'll see the heart of this video, which is all about our API creation. So first we'll see all about the concept of registration API, login API, profile API and logout API. So this is the complete plan, what we'll see inside this entire video. And one more request: please subscribe to our YouTube channel so that we can create such type of amazing content, amazing videos, free for you.

So first I will start with project setup. For project setup I will go to its official website, that is laravel.com, click on Documentation, and from the documentation I prefer Composer installation. Search for composer. Now here you can see that this is all about a composer command, so I will copy, back to slide, open a new tab. So this is a composer command to create a Laravel application. In this command we are using composer to create a project of Laravel, of this project setup. So I will change the setup name; I will call it as laravel hyphen sanctum hyphen apis. Let's copy the command here, back to project terminal. So I'm inside this YT folder. If I type ls then we can see that already we have a folder inside this YT. Now I will create a new folder, so let's paste that command: composer create-project laravel
forward slash laravel, and this is all about our project setup name. Press enter. Now we can see that installation is started. Now successfully the project has been installed, so let's go to the folder structure. Now we can see that here we have a new folder with the name called laravel hyphen sanctum hyphen apis. So I will open this setup in my VS Code editor; you can choose any editor. So open with other application and click on this Select button. So successfully I have imported that project into my VS Code.

Let's go back to project terminal. If I type ls again then we can see now we have two folders. Now let's go inside the sanctum apis folder, so cd laravel hyphen sanctum. Now we are inside our project setup. If I type php artisan, everything is okay. Now we'll use a command called php artisan serve to start the development server. So let's use that: php artisan serve. Development server started. So to access the project I need to copy this URL, so copy link, back to browser, open a new tab, pasting it here, and this is all about the landing page of Laravel version 10.
Now next we create a database. So first I will go back to the checklist. So first we had completed all about our project setup; now next we'll see database connectivity. So let's go to our phpMyAdmin, click on the Databases tab. Here we need to create a database, so I will call it as laravel hyphen, means underscore, yt underscore sanctum underscore apis. Let's copy that, click on the Create button. So successfully now we have created a database inside phpMyAdmin.

Back to editor, I will open the .env file, search for DB connection and all about the connection string variables. So here I will pass database equals to, this is what we had created. Now next for username: for my phpMyAdmin it is admin, and password is admin r38123; in your case it may be different. So successfully now this setup is configured with this database. Now let's close this file. If I go back to browser, go inside the landing page, let's reload that. So successfully now this database is connected with this application.

So let's go back to our checklist. So successfully now we have done all about database connectivity. Now next, in the third point, we need our API controller. Obviously this is all about an API development course, so we need a controller class from where we will handle all about our API requests. So let's go back to terminal. I will use the command php artisan, means make:controller, to create our API controller class. But before creating our API controller class, let's go back to editor. I'll go inside app, Http, Controllers. So we want an Api folder right here inside this Controllers folder; it means we want to create our API controller class inside the Api folder inside this Controllers folder. So let's use our make:controller command. Back to terminal, close this development server: php artisan make:controller, and first I will pass the folder name called Api, and inside Api I want this ApiController class. Press enter. Now we can see that our controller class is now created. Back to editor, go here inside the Controllers folder, now we
can see the Api folder, and here we have our ApiController class. This is a normal controller class, what we have created. So according to our need we need to create our API methods. As we know, inside this API development course we need our API methods for registration, login, profile and logout, so let's create all these four methods.

Back to editor. So first I will create for the register API, which we hit using POST request type and pass form data. So public function register, and to access our form data we need to use the Request object, so let's pass it here: Request and request object. Now let's create another method for the login API. So login API: this method also we hit using POST request type, and inside form data we pass the email value and the password value. So here let's say public function login; to get access to all of that form data we need to pass here the Request object. Now let's create for the profile API. So profile API, and this API we'll hit using GET request type. So public function, and let's call it as profile. And the final method we need inside this ApiController class, and that will be the logout method. So here this is for the logout API, and this API, means this method, also we'll hit using GET request type. So this will be GET, and let's define the method here: public function logout. So successfully now we have created, as per need, as per the course need, all those methods inside this ApiController class.

Let's go back to our checklist. So successfully now we have created our API controller class and also created our needed API methods. Now let's see all about our Sanctum authentication package settings. So first things first, what is Sanctum? Sanctum is a composer package which we can install inside a Laravel application to do all about authentication services. By using the concept of Sanctum we can work with a tokenized system. Now, in a very simple definition, we can understand about Sanctum that it is a composer package which we can install inside a Laravel application to create APIs which
transmit our data from sender to receiver by the help of a tokenized system in a very secured way.

Now let's see all about the configuration and settings of this Sanctum authentication package inside Laravel. As per the definition, I told that Sanctum is a composer package which we need to install inside a Laravel setup to work with authentication services. But if you're talking about the older versions of Laravel, like Laravel 8, in that version we need that composer command to install this package inside the setup. But it is very interesting to know that inside Laravel version 10 this is a by default package, automatically integrated inside this Laravel version 10.

If I go inside editor, let's open composer.json. As we know, once we install any composer package it will go automatically inside this require object or require hyphen dev object. So we can see that inside this require object here we have laravel forward slash sanctum. So it means that we don't need any composer command to install the Sanctum authentication package inside this Laravel 10. So if anyone says that we need a composer command to install Sanctum authentication, there is no need inside Laravel version 10; automatically this version has this feature. So here this is all about composer.json.

Now to verify, if I go inside the config folder, now we can see that inside this config folder we have a file called sanctum.php, which is a basic settings file. After the sanctum.php file, if I go inside the database folder, go inside migrations, now we can see that inside this folder also we have one more migration with the name called personal access tokens. So this was the migration which we get after installation of the Sanctum authentication package via composer, but this is the approach what we have followed inside Laravel 8. But here inside this Laravel 10 this is a by default migration of Laravel inside this migrations folder. So let's migrate all these tables inside our database. First I'll back to
project terminal: php artisan migrate, press enter. Now you can see that all tables are now created inside our database. Back to browser, go here, click on Structure. Now you can see that all tables are now created. So here we have a table called personal access tokens. So once we generate any token value using Sanctum, it means a Sanctum token value, all those values will be stored inside this table. So this is all about the Sanctum authentication package.

Now if you're talking about the middleware: after getting the Sanctum authentication package by default inside the setup, we have also a middleware, by the help of that we can protect our protected APIs. So let's go inside the routes folder and I will open api.php. Inside this file we can see all the magic. Let's open that. Now we can see that inside this api.php here we have the middleware called auth:sanctum. It means that by default Laravel version 10 has a feature of Sanctum, and we can use this auth:sanctum middleware to protect our protected APIs. So let's go back to the checklist. So successfully here we have discussed all about the complete discussion of the Sanctum authentication package inside Laravel version 10.
Now we need API routes. As we know, we need to create registration API, login API, profile API and logout API, so these APIs we need to create inside our API routes as well. Let's go back to editor, go inside api.php. So here first I need to import our ApiController class, so use ApiController. Once we import, go here; I will go and comment these lines of code. Let's say API routes.

Next, before creating APIs we need one more discussion, and the discussion is all about open routes and protected routes. So let's go back to our APIs list. Here we can see that we have registration API, login API, profile API and logout API. So if you are talking about register API and login, these are open routes; it means that to access these methods we don't need any login or any token value. But if you're talking about profile API and logout API, it will start, these are protected APIs; we need a valid token value. So these APIs, these routes, we'll create inside a group, means a route group, and that group will be protected using a middleware called auth:sanctum.

So let's go here. I will first register all about registration API and login API. So I will call Route using post method, and here let's call it as register, ApiController class, and from the controller class I will call the register method. So this is all about the registration API. A Route post method, and here for login, ApiController class, and from ApiController class we'll call the login method. So these routes are open routes; we don't need any login, so there is no concept of middleware.

Now let's create our protected API routes. So first I will create a route group by using the group method. Let's pass an array here, and inside this array let's pass middleware, and the middleware we'll use is called auth colon sanctum; let's copy the syntax from here. Now inside this group method, inside the second value, I need to pass a callback function, and inside this callback function we need to register our profile API route and logout API route. So here, as we know that we hit
using GET request, so profile, this is all about ApiController class, and from that class we'll call the profile method. Next, using the Route get method I will call the logout API, so it will be logout and ApiController class, and from that controller class we'll call the logout method. So this is all about the API route settings. Let's go back to the checklist. So successfully now API routes are also completed.

Now finally we'll start all about the core part of this course, and that is all about API development processes. So I will first start with the register API. Back to editor, let's open the ApiController class, go inside the register method. As we know, to create any user we need the values. Let's go back to our table first, go inside users, Structure. So we need values for name, email and password. Optionally, if we want, like phone number, also we can add inside the users migration, but currently it is okay. So here we need values for name, email and password.

So let's go here inside this register method. First I will start with data validation; it means name, email and password, all three fields are required. So here on the request object I will call the validate method, pass an array here: name, email and password, and these fields are required, so required field, with the validation rule. So I will copy, paste in front of email and password. Now two more rules we want for this email value, and that is the email value what we enter should be a valid email address, so this is our second rule called email. And also once we register any user with any email, that email address should be unique throughout the users table. So here the third rule we have is called unique; it means that the email address what we use should be unique inside this users table. Now inside this password we'll add one more validation rule, and that is confirmed.

After data validation, this is all about data validation, after here we need to use the concept of our User model. So if I go inside Api folder, means app folder, Models folder, we can see User.php; this is also a by
default model Laravel has provided. So I need to use this User.php to interact with the users table. So let's open that. Now inside this we can see here we have the fillable array; it means we want all these values.

Now let's go inside the ApiController class. So first I will load our User model, so use User model. Now by the help of the User model we can interact with the users table and we save our data inside that. So here let's say User, I will call the create method. So here we are using the model directly; we can also create an instance of that, and after creating the instance we can call the insert method, but here we are using the model directly and calling the static method called create. Let's pass an array here. So the fields we have are called name, email and password. The name value we can get from the request form data, so request variable, the key we have called name. Let's go for the email value, so request, this is the email key what we'll get from the request form data, and for password, request password.

And one more thing, that before saving our password we need to encrypt it first; it means instead of saving a plain text value we want a hashed value. So to make a normal string value into a hash value we need to use the Hash facade. So before using, let's say use Illuminate, means we need to import it first: Illuminate, Support, Facades, and here I will call Hash. After importing let's go here and I will call the make method, and by using the make method you can easily convert a plain text value into a hash value. After saving data, save data, let's prepare the response here. So return response json, status equals to true, message equals to User registered successfully. So this is all about the code logic of the register method.

Now let's open Postman, a tool by the help of that we can do unit testing of APIs. So by the help of Postman we'll test this user register API. So successfully I have opened Postman. Before that let's go here and start the development server: php artisan serve, press enter. I will copy the project URL, so copy link, back to Postman, put it
here inside this URL bar. I have to select POST request type. Let's go back to editor. As we know, we are calling the register API from api.php, so we need to add the api prefix into our URL. So here after this project URL, forward slash api forward slash register. Now I'm actually going to go inside Headers; I will pass a header called Accept, application/json. Once you pass this header, let's go inside Body, select form-data. As we know, we need values for name, email and password, so here name, email and password. Now let's pass values for all these columns. I will pass my name here, for email address example gmail.com, and password is from one to six.

So let's first see all about data validation. I will not pass any value into the request, click on the Send button. Now we can see validation is working fine. Now let's do testing with a valid email pattern, so I will get and let's put this dummy value, click on the Send button. But before that let's pass all these values. We are sending all these data, but the email address is not a valid pattern. Now we can see that the email must be a valid email address. So let's pass our valid email value. Now let's click on the Send button. We can see the password field confirmation does not match, and it is coming because inside the ApiController class, inside this register method, here we have one more rule called confirmed. So once we add it with any field, it means we want here something called password underscore confirmation. As we have added confirmed here, we need to add a field here called password confirmation, and inside this field we need to pass the same value what we have inside this password field. So let's copy from one to six. I will click on the Send button. Now you can see User registered successfully.

Let's go back to our table, click on Browse here. Now we can see the first user is now created. So this is all about the register API. Let's quickly create another user. I will pass the same email value, click on the Send button. Now you can see the email has already been taken, and this is
why, because we have added one more rule, that is unique users. Now let's pass something different here, foreign to six, everything is okay, click on the Send button. User registered. Back to table, click on Browse. Now we have one more row inside this users table. So successfully this is all about the register API.

Now let's see the concept of the login API, and this is the very important, means very important, API for this course, because by the help of this login API we'll generate a Sanctum token value, and once we generate the Sanctum token value then after that we can access all these methods like profile API and logout API. So let's see all about the concept of this login API.

Back to editor, go inside the ApiController class, go inside the login method. So first we need to implement data validation, because while working with this login API we need values for email address and password. So here on the request object I will call the validate method, pass an array here, let's pass our rules: email, it is required, and also the email value should be a valid email address, and next for password. So this is all about our form validation, this is all about data validation. Once this validation will pass, it means we don't have any error, we have the values of email address and password.

So after that I will use the concept of the User model to see that this email exists inside our database. So here let's say user equals to the User model, scope resolution operator, I will use the where method, let's say email, we get email from the request form data, and I will use the first method. So if this email exists inside our database, this is an object and it will be a user object, otherwise a null value will be returned. So here what we can do, let's say if not empty user, it means we have a user object, we have some value inside this user variable, user exists. Otherwise go here, let's return response json, status equals to false, message equals to Invalid login details. So this is all about the failed response. Now let's go inside this if block; it means the
user exists. So then I will check all about the password. Here we have checked only for the email value; now we need to validate all about the password. So we'll use the concept of again the Hash facade, but this time I will call the check method. So here if Hash, and from Hash I will call the check method. Now we can see from IntelliSense, from the hint section, that we need to first pass the normal value, it means the plain text value, and inside the second value we need to pass a hash value. So in this first value, as we know, from the request body, it means from form data, we are getting the password value, that is a plain text value, so I will pass it here, so request password, comma. And the second value, this is the comparison parameter, the hash value. As we know, inside our table we have the password which is saved in hash format, so we can access that password value by the help of this user object, so I will call user and password. So it will return true if this value and this value will match, otherwise the false value will be returned. So go here, let's say return response json, status equals to false and message equals to, let's say, Password didn't match. So this is again the failed response.

Now let's go inside this if block; it means the user exists with this email and with this password. Now here we'll use the concept of the createToken method to generate a Sanctum token value. So here let's say token equals to, I will use the concept of the user model object, so user. If I go inside the model class, we can see that already this model imported HasApiTokens and also inside this class here we have HasApiTokens; it means by using the user model object we can call the createToken method. So go here, I will call createToken, and inside this we need to pass the token name, so let's call it as my token. It will return various types of values, but I will access only the plain text token value, so here plainTextToken. So by the help of this line, by the help of this code
we'll get the Sanctum token value. Now let's go and return our response. So return response json, status equals to true, message equals to Login successful, and the third parameter we have called token, and in this we'll pass the Sanctum token value. So this is the complete concept of the login API method.

Now let's quickly do a unit testing. Go here, I will copy the register API URL, open a new tab, pasting it here. Instead of calling register I will call login, and once we call this route, if I go inside api.php, this login route will call the ApiController class and login method. Let's go here, select POST here, go to Headers, I will pass Accept, application/json. Now go inside Body, select form-data. We need to pass values like email address and password, so email and password. Without passing any value, if I click on the Send button we can see our validation is working.

Now let's pass the valid email and password. So if I go inside the database, let's copy the valid email value, pasting it here; password is from 1 to 6. Now let's see that I am doing some mistake inside this email value; this is an invalid email. Click on the Send button. Now we can see Invalid login details, and this message is coming from this response. Now let's pass a valid email value, it means the user exists, but let's pass an invalid password this time. We have a valid email but the password is invalid. Click on the Send button. Now you can see Password didn't match. Now let's pass the email and password containing the valid values, click on the Send button. Now we can see that status equals to true, message equals to Login successful, and successfully now we have a token, and this is a Sanctum token value.

Let's go back to the table, go inside personal access tokens. Now you can see that inside this table we have one entry, that is id equals to 1; tokenable type, this is all about the User model by the help of that we have generated this token value; this is tokenable id equals to 1, which is the user id; here we have the token name what we had given inside the code, and this is the
token value. Now here we have our token value which is in plain text format, and once we generate this token value, by the help of that we can access the profile API and logout API. So successfully the login API is also completed.

Now let's talk about the profile API. Editor, go inside the ApiController class, I will go inside this profile method. As we know, this method is a protected method, so to access this method we need to pass a token value, and that token value should be a valid token. So once we pass the token value, automatically this middleware will work, that is auth:sanctum. So if the token is valid then we can access these methods, otherwise we'll have some error messages like Unauthenticated.

So inside this profile method we use the concept of the auth helper function. By using the auth helper function we can easily get all the profile information of the current logged in user. So here let's say data equals to auth helper function, and here I will call the user method. Instead of using the auth helper function, additionally we can use the Auth facade, but here I will use the auth helper function. If you're talking about the Auth facade, we can call it like Auth, and here scope resolution operator and user method, but before using the Auth facade we need to import here, so use Illuminate, Support, from Support I will go inside Facades and Auth. So this is the complete package what we need to import before using that. But here I am using the auth helper function. So let's return response json, and here let's say status equals to 1, or let's say true, message equals to Profile data, and finally data, or we can call it as user, equals to data. So successfully this is the complete logic behind this profile method.

Now let's do a quick unit testing. I will go here, let's copy the API URL login, open a new tab, change login to profile, and this API we'll hit using GET request type. Inside Headers I will pass Accept, application/json. After this application/json also I need to pass the Authorization header. For the Authorization header what we can
do, let's go back to our login API, I will copy the token value, go inside the profile API, and I will call Authorization, and inside this Authorization the value will be Bearer, space, and the token value. Now I'm not passing this Authorization, click on the Send button. Now you can see Unauthenticated, because this profile API, our profile method, is protected under auth:sanctum, so we need to pass Authorization. But what we can do here, let's do a mistake here: I will add, let's say, 5, which is a space, means extra character. Now this token value is invalid. I will click on the Send button; again we are getting Unauthenticated. Now let's remove this 5 character from here. I am passing the Authorization header as well as the value, the token value. Click on the Send button. Now we can see status is equals to true, message equals to Profile data, and this is all about user information. All these data we are getting by using the concept of the auth helper function. So successfully now we have completed one more API, and that is the profile API.

Now let's see the last concept of this course, that is all about the logout API. I will go here, go inside the API controllers, go inside the logout method. This method is also protected; it means before calling we need to pass the authorization token value inside the header. Now again inside this method I will use the concept of the auth helper function and I will call the delete method. So here it's auth helper function, user, by the help of the tokens method, and finally I will call delete. So it means that for the current logged in user, all the tokens of the current logged in user, I am deleting that. So after delete let's return response json, and here status equals to true, message equals to User logged out.

And one more thing: when we call this logout API, it means the logout method, the token will be deleted. Once the token will be deleted, it means that that token value will not be used inside any APIs. For example, this token we have destroyed, so that token value will no longer be available to use inside this profile API. So let's copy the profile API URL, open a
new tab. This time I will call logout; this is using GET request type. Go inside Headers; the first parameter will be Accept, application/json. Go inside the second header, that will be Authorization. So I will copy the token value, copy the token value here: Authorization, Bearer, space, and the token value. If I uncheck, click on the Send button, we can see Unauthenticated. Now let's pass Authorization, a valid key and a valid token value. If I click on the Send button, it means the current logged in user's token will be destroyed, and now when we call this profile API using this token value then we get Unauthenticated. Let's see in action: click on the Send button, User logged out. When we call our profile API with the same token value, click on the Send button, now you can see Unauthenticated.

So this is all about the complete concept of API development inside Laravel version 10 using Sanctum authentication. Let's go to our checklist. So finally now we have completed the logout API. Okay, now I'm telling you that for Sanctum authentication inside Laravel version 10 we don't need any installation of the Sanctum package using a composer command; by default all the features, all the functions, all the operations are by default available inside Laravel version 10. So I think that I have given you the best concept of API development using Laravel and Sanctum authentication. So please like this video, share this video as much as you can, and also please subscribe to our YouTube channel. So for this video session, guys, thank you for watching and have a great day.
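
The controller that the captions above build step by step, written out as an added example; it is not code from the video or the channel. The token name `myToken`, the 401 status and the single login failure message are assumptions: the video returns separate messages for an unknown email and a wrong password, which lets a caller tell which addresses are registered.

```php
<?php
// app/Http/Controllers/Api/ApiController.php (added example, Laravel 10 with Sanctum)
//
// Matching routes/api.php, as laid out in the video:
//   Route::post('register', [ApiController::class, 'register']);
//   Route::post('login', [ApiController::class, 'login']);
//   Route::group(['middleware' => ['auth:sanctum']], function () {
//       Route::get('profile', [ApiController::class, 'profile']);
//       Route::get('logout', [ApiController::class, 'logout']);
//   });

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class ApiController extends Controller
{
    // POST /api/register (open route).
    // Form data: name, email, password, password_confirmation.
    public function register(Request $request): JsonResponse
    {
        // With "Accept: application/json", a failed validate() answers 422
        // with per-field messages instead of redirecting.
        $data = $request->validate([
            'name'     => 'required',
            'email'    => 'required|email|unique:users',
            'password' => 'required|confirmed',
        ]);

        User::create([
            'name'     => $data['name'],
            'email'    => $data['email'],
            'password' => Hash::make($data['password']), // store a hash, never the plain text
        ]);

        return response()->json(['status' => true, 'message' => 'User registered successfully']);
    }

    // POST /api/login (open route). Form data: email, password.
    public function login(Request $request): JsonResponse
    {
        $data = $request->validate([
            'email'    => 'required|email',
            'password' => 'required',
        ]);

        $user = User::where('email', $data['email'])->first();

        // Assumption, differs from the video: one message and a 401 for both
        // failure cases, so the response does not reveal whether the email exists.
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            return response()->json(['status' => false, 'message' => 'Invalid login details'], 401);
        }

        // The plain-text token is only available on this return value;
        // Sanctum stores a SHA-256 hash of it in personal_access_tokens.
        $token = $user->createToken('myToken')->plainTextToken;

        return response()->json([
            'status'  => true,
            'message' => 'Login successful',
            'token'   => $token,
        ]);
    }

    // GET /api/profile (behind auth:sanctum; needs "Authorization: Bearer <token>").
    public function profile(): JsonResponse
    {
        return response()->json([
            'status'  => true,
            'message' => 'Profile data',
            'user'    => auth()->user(),
        ]);
    }

    // GET /api/logout (behind auth:sanctum).
    public function logout(Request $request): JsonResponse
    {
        // As in the video: revoke every token of the logged-in user.
        // To revoke only the token used for this request, call
        // $request->user()->currentAccessToken()->delete() instead.
        $request->user()->tokens()->delete();

        return response()->json(['status' => true, 'message' => 'User logged out']);
    }
}
```

Tokens created this way do not expire unless `expiration` is set in `config/sanctum.php`, so revocation on logout is the only thing that ends their validity in this setup.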
Info
Channel: Online Web Tutor
Views: 2,002
Keywords: Laravel 10 APIs Development, Laravel 10 RESTful APIs Development, Laravel APIs Development with Sanctum, Laravel REST APIs development using Sanctum Package, Step-by-Step Laravel 10 APIs Development Tutorial, RESTful APIs Development Using Laravel 10 and Sanctum Authentication, What is Sanctum Authentication in Laravel, How To Create APIs in Laravel with Sanctum Authentication, What is Laravel Sanctum Authentication, Online Web Tutor
Id: iif-n1cI_kI
Length: 40min 35sec (2435 seconds)
Published: Thu Sep 21 2023